Network Spying

[Flashie]

Hey. I'd like to do a little bit more research into the topic above.

Now im no network admin - and what little i know compared to professionals is scary. Never the less - i'd like to learn.

Let me set the scenario:

There are 2 people on the network. Person 1 and Person 2 - connected to the same router; both on separate PC's.

Person 1 just accesses the web; googles; streams video and plays games. Person 2 does the same; But monitors the network with an unknown software.

Is it possible for Person 2 to view the packets sent from Person 1 (basically viewing the sites/domains visited) as they're both connected using the same router?

&

What options does Person 1 have to revoke Person 2 from access to this information? (Like blocking IP conversation with that IP)

 

Both parties have access to each other's mac addresses if that helps

[Matt_98]

1 minute ago, Flashie said:

Hey. I'd like to do a little bit more research into the topic above.

Now im no network admin - and what little i know compared to professionals is scary. Never the less - i'd like to learn.

Let me set the scenario:

There are 2 people on the network. Person 1 and Person 2 - connected to the same router; both on separate PC's.

Person 1 just accesses the web; googles; streams video and plays games. Person 2 does the same; But monitors the network with an unknown software.

Is it possible for Person 2 to view the packets sent from Person 1 (basically viewing the sites/domains visited) as they're both connected using the same router?

&

What options does Person 1 have to revoke Person 2 from access to this information? (Like blocking IP conversation with that IP)

 

Both parties have access to each other's mac addresses if that helps

 

it depends how is the network laid out?

[Flashie]

Just now, Matt_98 said:

it depends how is the network laid out?

--> == Wired connection

ADSL Line -->  Router  --> Person 2
                                     --> Person 1

[Hydro]

9 hours ago, Flashie said:

Hey. I'd like to do a little bit more research into the topic above.

Now im no network admin - and what little i know compared to professionals is scary. Never the less - i'd like to learn.

Let me set the scenario:

There are 2 people on the network. Person 1 and Person 2 - connected to the same router; both on separate PC's.

Person 1 just accesses the web; googles; streams video and plays games. Person 2 does the same; But monitors the network with an unknown software.

Is it possible for Person 2 to view the packets sent from Person 1 (basically viewing the sites/domains visited) as they're both connected using the same router?

&

What options does Person 1 have to revoke Person 2 from access to this information? (Like blocking IP conversation with that IP)

 

Both parties have access to each other's mac addresses if that helps

is it encypted data,

if yes, your out of luck

if no,

try downloading cain & abel

read the whole manual

use a poison attack to poison the pc

and your in his registry

 

i am not responsible for any damage or illegal activity caused by my simple guide

http://www.oxid.it/cain.html

http://oxid.it/projects.html

 

and btw if you poison the router you will ddos yourself

[Flashie]

Just now, Hydro said:

and btw if you poison the router you will ddos yourself

is it encypted data,

if yes, your out of luck

if no,

try downloading cain & abel

read the whole manual

use a poison attack to poison the pc

and your in his registry

 

i am not responsible for any damage or illegal activity caused by my simple guide

http://www.oxid.it/cain.html

http://oxid.it/projects.html

Where do i make sure whether or not it is encrypted data? Right now i use Colasoft Capsa to monitor my networks and thats where i noticed the scenario above take place between 2 PC's on the same subnet that the one was illegally accessing the others HTTP info

[Hydro]

Just now, Flashie said:

Where do i make sure whether or not it is encrypted data? Right now i use Colasoft Capsa to monitor my networks and thats where i noticed the scenario above take place between 2 PC's on the same subnet that the one was illegally accessing the others HTTP info

if its encrypted you cant read it and it will mostly show up like messed up binary

 

 

[Flashie]

9 hours ago, Hydro said:

if its encrypted you cant read it and it will mostly show up like messed up binary

 

 

Well - Using Colasoft Capsa i was able to see exactly what sites were accessed and what was shared between the users. I then went to the firewall of the one PC and noticed 'Alljoyn Router' as only having access to private/work networks and not public which made me suspicious. (After some research its microsofts implementation of the IoT to make it easier for software developers to detect/communicate to nearby devices?). I disabled the service and after that i could no longer view the IP conversation going on between the two "persons" discussed in the scenario - As if it ahd stopped conversating

 

I take that back - It has once again just popped up that that PC is accessing the HTTP logs  How do i simply restrict/block access to and from that IP?
 

[Hydro]

5 minutes ago, Flashie said:

Well - Using Colasoft Capsa i was able to see exactly what sites were accessed and what was shared between the users. I then went to the firewall of the one PC and noticed 'Alljoyn Router' as only having access to private/work networks and not public which made me suspicious. (After some research its microsofts implementation of the IoT to make it easier for software developers to detect/communicate to nearby devices?). I disabled the service and after that i could no longer view the IP conversation going on between the two "persons" discussed in the scenario - As if it ahd stopped conversating

well those packet sniffers are made to filter those things and asemble the packets

2 minutes ago, Flashie said:

I take that back - It has once again just popped up that that PC is accessing the HTTP logs  How do i simply restrict/block access to and from that IP?
 

there is a blocked host ip list in windows, if i where you i would traceroute it

before blocking it

[Flashie]

2 minutes ago, Hydro said:

well those packet sniffers are made to filter those things and asemble the packets

there is a blocked host ip list in windows, if i where you i would traceroute it

before blocking it

I know which Private IP his is if that makes it faster than having to tracert to it

 

[PCgamer324]

yeah its called arp spoofing and it used to be a rather big issue until browsers rolled out HSTS

 

basically with by poisoning the arp cache person 2 can make person 1's computer think it has to send its traffic through person 2's computer to get to the internet.  Person 2 can see where you are going but not what you are doing if the websites / apps you are using have HTTPS / SSL enabled.  Regardless, if person 2 knowns what they are doing they can proxy all your connections and serve you unencrypted connections to services (although this should be thwarted by most modern HSTS implementations; not allowing you to access previously encrypted services from an insecure connection)  It is also possible for the attacker to redirect your request to an alternate or non existent domain to thwart HSTS, of which there is no good solution at this time.

 

Bottom line, if you don't trust people on a LAN, use a VPN / Tor etc