First of all ,I would like to let you know that, whatever I write here is for educational purpose only .Please do not abuse it one way or other.
I think you already aware of the dangerous key loggers and what they do . If you want to use a computer in a net cafe for bank transactions, be-careful !, they might have key-loggers installed which can capture your passwords and chats .
There are some hardware key loggers which can be attached to keyboard and others are software key-loggers which are difficult to be traced .
If we have physical access to someone’s computer it is very easy to view passwords ,record chats or record whatever typed on that computer .And sometimes, it is possible to receive a mail automatically with the recorded data ( for example- spector pro).
If we don’t have physical access to the pc and dont want to install some monitoring software , Then we can use network packet capturing tools like wireshark to capture passwords ,web traffic on network.
If the computers on network connected to a older ethernet hub , then it will be more easy to capture packets originating from those computers , because a ethernet hub just broadcasts the packets (sends the same packet to all the computers on network , but only the real receiver will accept it ) . So with the tools like ethereal , we can make the computer listen to these packets in promiscuous mode .
But ethernet switch does not broadcast the traffic , it sends the frames directly to a node which it has to be delivered . Because it knows the mac-address of the destination .
If the computers connected to Cisco catalyst switches , We can clone the same traffic destined to one port ,to another port . Suppose computer A connected to port 1 and having conversation with server S connected to port 2,then using port mirroring feature we can copy the frames from port 1 to port 3 . And with the help of tools like ethereal , we can capture those packets( Should i say frames ?, since it is layer 2 data. ) and decrypt the interesting traffic.
The procedure to enable port mirroring on a csico 2900 LAN switch series is ,
1.using console cable or telnet to cisco switch ,enter global config mode
switch# config terminal
2.issue command
switch<config># monitor session 1 source interface GigabitEthernet 0/1
3. issue command
switch<config>#monitor session 1 destination interface FastEthernet 0/20
4.Exit from Global config mode and issue command write memory to save the changes
We can give session number anything between 1-66 . The source interface number is the port we want monitor and destination interface is the port where our computer is connected which has wire shark or any other network traffic sniffer is installed.
Now it is time to open our monitoring tools and check for the interesting traffic.
Suppose we can use messenger detect to monitor messenger chats and contacts of messengers on the network .
If we use wire shark , we can capture http,pop3,ftp passwords too..
0 Comments