Understanding networking devices is the first step before sniffing on any network.
1. HUB
A network that uses a hub as the connecting device between endpoints transmits data out of every port, so traffic can be sniffed easily. The illustration below shows the setup:
Here, I have several PCs, each assigned a unique IP address and connected through the hub.
PC1 will try to ping PC2 while I capture packets on Ethernet3.
When a device tries to ping another device on the network, it first sends an ARP message to discover the link-layer address (e.g. the MAC address) associated with the target's IP address. This message is broadcast to the whole network through all the ports except the source port.
But as I was sniffing the traffic on Ethernet port 3, I was also able to view the packet.
The first was the broadcast, which was sent to all the endpoints in the network. The second was the reply from the PC with IP address 10.0.0.2 to PC1 with IP 10.0.0.1, sending the MAC address associated with its IP.
Now, can I sniff the rest of the conversation between PC1 and PC2 while sitting on PC3? Yes.
This happens because a hub is a multiport repeater: it broadcasts (floods) data out of every port. The hub cannot tell which port a frame's destination is attached to, so every device connected to the hub receives the packet.
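The capture described above can be reproduced offline with the following added example, which is not part of the original post. It builds the ARP request and reply as raw Ethernet frames, pushes them through a modelled hub, and decodes what the capture point on Ethernet3 receives. The MAC addresses and the port names Ethernet1 and Ethernet2 are constructed assumptions; the IP addresses and Ethernet3 come from the text.

```python
import socket
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert '02:00:00:00:00:01' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def arp_frame(op, src_mac, src_ip, dst_mac, dst_ip):
    """Build an Ethernet II frame carrying an ARP request (op=1) or reply (op=2)."""
    eth_dst = BROADCAST if op == 1 else dst_mac      # requests are broadcast
    target_hw = b"\x00" * 6 if op == 1 else dst_mac  # unknown in a request
    eth = eth_dst + src_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += src_mac + socket.inet_aton(src_ip) + target_hw + socket.inet_aton(dst_ip)
    return eth + arp

def describe(frame):
    """Decode an ARP frame the way a sniffer would summarise it."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0806:
        return "non-ARP frame"
    (op,) = struct.unpack("!H", frame[20:22])
    sender_mac = frame[22:28].hex(":")
    sender_ip = socket.inet_ntoa(frame[28:32])
    target_ip = socket.inet_ntoa(frame[38:42])
    if op == 1:
        return f"who-has {target_ip} tell {sender_ip}"
    return f"{sender_ip} is-at {sender_mac}"

class Hub:
    """Multiport repeater: no MAC table, every frame goes out all other ports."""
    def __init__(self, ports):
        self.rx = {port: [] for port in ports}

    def send(self, in_port, frame):
        for port in self.rx:
            if port != in_port:          # everything except the source port
                self.rx[port].append(frame)

def run():
    pc1, pc2 = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")  # constructed MACs
    hub = Hub(["Ethernet1", "Ethernet2", "Ethernet3"])
    hub.send("Ethernet1", arp_frame(1, pc1, "10.0.0.1", None, "10.0.0.2"))
    hub.send("Ethernet2", arp_frame(2, pc2, "10.0.0.2", pc1, "10.0.0.1"))
    return [describe(f) for f in hub.rx["Ethernet3"]]  # what PC3's capture shows

if __name__ == "__main__":
    print("\n".join(run()))
```

The second frame is unicast to PC1's MAC address, yet it still appears on Ethernet3, which is exactly why a hub offers no confidentiality between ports.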