What's your connection speed?

What is your connection speed?

  • modem, 56k, 64k, up to 128k

    Votes: 4 21.1%
  • up to 512k

    Votes: 4 21.1%
  • up to 1 Mb

    Votes: 1 5.3%
  • up to 1.5 Mb

    Votes: 6 31.6%
  • up to 4 Mb

    Votes: 2 10.5%
  • over 4 Mb

    Votes: 2 10.5%

  • Total voters
    19
i don't know about cable, being able to sniff everything on a cable network is interesting, i don't think i'd want to send anything over it though.
 
I hate to break it to you, but, no matter what connection you have you are going to pass through multiple networks that can be sniffed.

And prof, careful there... I might take you up on that :p
 
jerrek said:
I hate to break it to you, but, no matter what connection you have you are going to pass through multiple networks that can be sniffed.
i know that smartypants, that's a given. my point is, I don't want the 10th grade l33t h4X0r down the street to get his jollies from sniffing my aim conversations at night. dsl, dialup, etc. are generally more secure against casual wiretapping in the last mile than most cable. although i have heard that some providers use some method of switching cable traffic so it's not a shared medium.
 
Unless he has some interesting hardware, he wouldn't be wiretapping you because your traffic doesn't go through his modem, and neither can he passively monitor it. He will need to hook up into the main cable line and that will raise flags.


You use AIM?!! America Online? :eek:
 
Well, keep in mind that you can ping your network, and then ARP poison the fellars you find on your net.

Aside from the s00p3rXl33tH4x0rD00D1n6 I have received some data from other hosts on the same subnet as me. Most of the time I don't get any, but there have been a few occasions that I have. I've heard of some switched Ethernet II (...at least that's the frame type the packets come to me in) cable networks, but I don't know how factual they are.

I had some crazy experiences tonight with our St. Paul outage, but I'm too damn tired to go into them right now (basically the IP of my default gw has the same MAC as a buttload of other IPs that are supposed to be default gateways or border routers...and that my ARP cache actually shows it...something I wouldn't expect). ...okay, I will anyways but just a little bit.

Address          HWtype  HWaddress           Flags Mask  Iface
192.168.129.69   ether   00:40:F4:5C:B0:06   C           eth0
24.245.14.1      ether   00:02:16:CA:C0:54   C           eth1
24.245.12.1      ether   00:02:16:CA:C0:54   C           eth1

Those are the entries in my ARP cache. I examined a bunch of ARP requests sent out over the network, and some are coming from a system with the IP 66.46.16.1, with the same MAC as the two identicals above (well supposedly the same MAC). The thing here is that if the machine sending this stuff was on the other side of a router from me I shouldn't be getting any ARP requests. Another nice thing to point out is that each of the IP's is just one hop after my cable modem.

So my conclusions are that this MAC is multihomed on a router port and all traffic coming out of that is switched. Since I don't get any traffic from the other networks, but I do get ARP requests (sent to the broadcast MAC) it would have to come from a router port and be sent on some form of a switched network.

If I did want that traffic I could get it (probably), but since I don't want to look like a bastard and overflow the switch's buffer (breaking it into broadcast mode)...nor probably could I.

(btw, Tommy, did we read about switches' buffers in my book, or was that in one of the PDF's?)
 
Oh yeah, and my connection interruptions haven't stopped. They seemed to happen the same day Comcast (the bastards who bought out AT&T, our old provider) sends us a bunch of fliers in the mail.
 
On my DSL line, I can get to the other PC's in town through their MAC address, the modem's config utility will pull them all up. Now I really don't know what to do with them from there, but I assume if I can pull their MAC addresses off of there, I can go further than that.
 
i'm still tired and not walking straight, much less reading, so if I'm way off the mark, excuse me. Octal, what you're seeing with the duplicated MACs is the MAC of your gateway. MACs are used for routing on a broadcast domain. Since there is no hierarchal rhyme or reason to layer two addressing (MACs), when you leave your local network you are using network addressing. So when you send a packet to xyz address off your network, your system is going to send it to the default gateway using the gateway's MAC so that the gateway knows the packet is meant for it, otherwise the packet would be dropped. The gateway figures out where it has to send the packet based on the network layer address and fires it onto the next hop using its own MAC as a source and the MAC of the next hop as the destination, this re-encapsulation is repeated at every hop until the destination network is reached. If the gateway there doesn't know the MAC of the destination IP, it sends an ARP request, once it gets its reply it knows where to send the packet on the local net. Get some sleep silly
 
I know how routing works, but the point of my ranting was to note that 24.245.14.1 is my gateway, which I have an entry in my ARP cache for, and 24.245.12.1, a computer that isn't the default gateway for my network, also has an entry in my ARP cache. The peculiar thing is that those two share the same MAC. During sniffing I picked up ARP requests from 66.46.16.1, which also shares the same MAC as the other two. The only way I would have entries in my ARP cache is if they were on my side of the router/gateway. So the conclusion I was trying to draw is that the machine with 00:02:16:CA:C0:54 as its MAC is multihoming IPs, and switching the networks (which the IPs belong to). So this machine is the gateway for a bunch of networks.

Why do I assume this? Because of the ARP requests. If a machine sends an ARP request it's sent out on the broadcast MAC address, which means anyone on the switch (or hub, but that's a slightly different story) will get the request. Now if the networks were switched, then even if the IP is bla.bla.bla.bla I will get any ARP request he sends out.

Their network is actually pretty dang complicated. For instance, my cable modem passes everything I send to my gateway (it's not routing it, just passing it along, like a hub). My modem has a 192.168.100.x IP that's bound to it, as well as a 10.x.x.x address. I also don't go through my default gateway onto the cable network either (although the IP that I pass through is most likely the other side of my gateway/router from my tracing).

So their network looks really hairy. If I had the time I'd try finding out exactly what the network looks like on my side of the gateway/router, but I have to finish implementing multi-threading in processes and learn how to use gdb, and prepare for two tests before I can do anything like that. ...at least spring break is coming soon...
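
The shared-MAC observation discussed in the posts above, as an added example that is not part of the original thread: a MAC that answers for several IPs in the ARP cache is also the classic sign of ARP poisoning, so a monitoring check has to tell the multihomed-router case apart from a spoofed gateway. The function names are hypothetical, and the sample input is constructed from the three cache entries quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the three entries quoted in the thread, in `arp -n` layout.
SAMPLE_ARP = """\
Address          HWtype  HWaddress           Flags Mask  Iface
192.168.129.69   ether   00:40:F4:5C:B0:06   C           eth0
24.245.14.1      ether   00:02:16:CA:C0:54   C           eth1
24.245.12.1      ether   00:02:16:CA:C0:54   C           eth1
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

def parse_arp(text):
    """Yield (ip, mac, iface) rows; the header and incomplete entries are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, mac, iface = fields[0], fields[2].lower(), fields[-1]
        if MAC_RE.match(mac):
            yield ip, mac, iface

def shared_macs(text, gateway_ip=None):
    """Map (iface, mac) -> details for every MAC that claims more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac, iface in parse_arp(text):
        by_mac[(iface, mac)].add(ip)
    findings = {}
    for key, ips in by_mac.items():
        if len(ips) > 1:
            findings[key] = {"ips": sorted(ips),
                             "includes_gateway": gateway_ip in ips}
    return findings

if __name__ == "__main__":
    # 24.245.14.1 is the default gateway named in the thread.
    for (iface, mac), info in shared_macs(SAMPLE_ARP, "24.245.14.1").items():
        if info["includes_gateway"]:
            note = ("gateway MAC answers for several IPs: multihomed router or "
                    "spoofed gateway, compare with the known-good gateway MAC")
        else:
            note = "one host answers for several IPs: check proxy ARP or poisoning"
        print(f"{iface} {mac} -> {', '.join(info['ips'])}: {note}")
```

Recording the gateway's MAC while the network is known to be healthy gives the comparison value; a later change in that pairing is the alert condition, not the sharing itself.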
 