05-27-2011 06:50 PM - edited 03-06-2019 05:14 PM
I have heard that if we attach a hub in between the wires we are easily able to analyse the traffic that goes through that wire.
Tell me the full procedure for setting it up, and with what software and OS I can analyse the traffic?
05-27-2011 08:57 PM
The only thing missing in the equation is a proggie to analyze packets as they traverse from one interface of the hub to the next with your client in the middle. Use Wireshark as the proggie.
06-02-2011 10:27 AM
A hub is a multi-port repeater. That means whatever traffic comes in on, for example, port 1 egresses on all ports except port 1. It has no knowledge of layer 2 stuff (MAC addresses, etc.); it's a pure electrical device. It duplicates the electrical signal received from one port to all other ports except the receiving port.
Because of this behaviour, we can easily capture traffic:
    pc A
     |
  +--|----------+
  | port1       |
  | HUB   port3 ----- pc C
  | port2       |
  +--|----------+
     |
    pc B
So what happens here is, pc A and pc B are connected to port 1 and port 2 on the hub, respectively. Since the hub repeats whatever is coming in on port 1 to port 2, and vice versa, they both can communicate. However, since a hub repeats to *all ports*, including port 3, if pc B sends a message to pc A, pc C will also receive the message even though it may not be meant for it!
By using this "everything gets repeated" logic, you can easily snoop traffic between two nodes by inserting a hub in the communication path and attaching a third node to the hub.
As already suggested, you can use Wireshark to capture the traffic. Make sure to enable promiscuous mode (promiscuous mode sets the network card to accept traffic even if it's not destined for it).
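The repeat-to-all-ports and promiscuous-mode behaviour described in the reply above, as a small simulation added here (it is not part of the original thread). The MAC addresses and payloads are constructed, and the learning `Switch` class goes beyond the post, included only to contrast with the hub.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Nic:
    """A network card: drops frames not addressed to it unless promiscuous."""
    mac: str
    promiscuous: bool = False
    accepted: list = field(default_factory=list)

    def receive(self, frame):
        if self.promiscuous or frame[0] in (self.mac, BROADCAST):
            self.accepted.append(frame)

class Hub:
    """Multi-port repeater: no MAC knowledge, repeats to every other port."""
    def __init__(self):
        self.ports = {}  # port number -> attached Nic

    def egress_ports(self, in_port, frame):
        return [p for p in self.ports if p != in_port]

    def send(self, in_port, frame):
        for p in self.egress_ports(in_port, frame):
            self.ports[p].receive(frame)

class Switch(Hub):
    """Learning switch, for contrast: forwards only to the port of a known MAC."""
    def __init__(self):
        super().__init__()
        self.mac_table = {}

    def egress_ports(self, in_port, frame):
        dst, src, _ = frame
        self.mac_table[src] = in_port           # learn where the sender lives
        if dst in self.mac_table:
            return [self.mac_table[dst]]
        return super().egress_ports(in_port, frame)  # unknown destination: flood

def run(device, c_promiscuous):
    """Wire pc A/B/C to ports 1/2/3, exchange two frames, return what pc C accepted."""
    a, b = Nic("aa:aa:aa:aa:aa:aa"), Nic("bb:bb:bb:bb:bb:bb")  # constructed MACs
    c = Nic("cc:cc:cc:cc:cc:cc", promiscuous=c_promiscuous)
    device.ports = {1: a, 2: b, 3: c}
    device.send(1, (b.mac, a.mac, "hello B"))   # frame is (dst, src, payload): A -> B
    device.send(2, (a.mac, b.mac, "hello A"))   # B -> A
    return [payload for _, _, payload in c.accepted]
```

On the hub, pc C accepts both frames only when its card is promiscuous; on the switch it sees just the first frame, which is flooded before the switch has learned pc B's port.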