Question for the lads

The radios broadcast their signals, so everything on the network can receive it.

>>60950896

What about wired connections? I thought the switch only forwarded broadcast packets to everybody?

File: 1487287277080-a.jpg (144KB, 572x303px) Image search: [Google]

144KB, 572x303px

>>60950903
dunno

>>60950903
it does, you idiot

>>60950903
If on a switched segment, Wireshark would only gather traffic sniffed from your collision domain.

Also remember, that when a switch meets a packet for which there is no dst in it's forwarding table, it will flood the first packet in a flow over all ports in that vlan. To gather more traffic, you could use arp manipulation to prompt flooding (ly2) or create a mitm env for your broadcast domain (ly3).

In the case of hub and wireless networks, everything is effectively sniffable unless layer 2 protective measures are implemented.

>>60950956

You are cool guy.

>>60950956
>that when a switch meets a packet
frame*

>>60950903
Only routers do that, switchers are super simple by design and just copy to all ports.

>>60951184
Those would be hubs.

>>60951184
>switchers are super simple by design and just copy to all ports.
You are describing a hub, which blindly floods all ingress traffic.

Switches maintain a forwarding table for the layer 2 address of ingress frames. Wherein a switch meets a frame for a destination address not present in it's forwarding table, it would flood said frame (on the rx port's collision domain) and expect an arp response from the intended recipient. This how is how switches use layer 2 flooding to build forwarding tables.

If a switch has an entry in its forwarding table for some ly2 address, it would simply forward frames out the matching port.

>>60951238
>on the rx port's collision domain
vlan*

>>60950956
>>60951238
sh mac address-table | i

>>60950859
>How can my computer in my moms basement see what my mom is downloading upstairs?
Configure a SPAN port

>>60950896
You're a retard who doesn't understand how Wi-Fi works.

>>60950956
>you could use arp manipulation to prompt flooding (ly2) or create a mitm env for your broadcast domain (ly3).
No you just configure a SPAN port like everyone else does rather than trying to do retarded things to turn a switch in to a hub. Also any decent switch will just disable your port if you do something like this.

>>60951302
This would display known MAC addresses for your local segment. This is how your system associates addresses for layers 2 and 3.

Because a system knows the layer 2 address for some system on it's segment does not imply that said system is able to sniff traffic for the whole segment. It is still bound by it's collision domain.

>>60951390
>You're a retard who doesn't understand how Wi-Fi works.
Oh yeah, educate me then.

>>60951390
>configure a SPAN port
Assumes you have administrative access to the switch.

>>60951390
>Configure a SPAN port
What $25 home router is going to allow you to configure SPAN ports? Furthermore, what $25 home router is going to come preconfigured with port mirroring? Even furthermore, what makes you think this isnt a wireless network?

>>60951392
Oh I know, you're just the first person I've seen on /g/ in like a month who would even be able to recognize a basic IOS command.

It seems like network guys are far and few between here.

>>60951390
Google "promiscuous mode".
In said mode, your adapter will read all packets that it receives, regardless if they are addressed to it or not.

WPA2 aside, this allows you to do a full packet capture on a device.

>>60951455
It's true people that actually know anything beyond CCENT are rare as fuck here and on reddit. They usually spout completely irrelevant bullshit about SPAN ports instead of providing an actual answer to a basic inquiry about the principle mechanisms behind traffic forwarding / sniffing.

>>60951405
>Oh yeah, educate me then.
For one example:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-guide/b_cg82/b_cg82_chapter_01010001.html

>>60951412
And you try to flood a switched ARP table is it just going to block your port
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/72846-layer2-secftrs-catl3fixed.html

>>60951440
Its not my fault you have a shitbox as your switch. Cisco switches are cheap, go buy one.

>>60951500
>Google "promiscuous mode".
You're a retard who doesnt understand how switches work.

>>60951538
principal*

>>60951541
You're a retard who doesn't understand that op's mom is not going to have a cisco switch.

File: americans.png (16KB, 651x273px) Image search: [Google]

16KB, 651x273px

>>60951601

>>60951628
http://www.thefreedictionary.com/principal

File: wifi.png (19KB, 640x598px) Image search: [Google]

19KB, 640x598px

>>60951541
Jeez dude, don't call people retarded and then post irrelevant Cisco docs as "education". That's about local wifi AP bridging, and has nothing to do with the radio properties of WiFi.

I'll draw you a picture to make it easy. The AP is transmitting to the client, and the client transmits back.
If someone is able to receive both parties, they can put together the conversation. WiFi adapters that read all packets, and not just the ones tagged with their MAC, are in "promiscuous mode".

File: Screen Shot 2017-06-17 at 9.01.26 PM.png (1MB, 3360x2100px) Image search: [Google]

1MB, 3360x2100px

>>60951616
Its not my fault you or OP can't afford a <$100 switch.

>>60951538
>just flood a switches ARP table, thats totally a good idea
>doing things the right way is just irrelevant bullshit

>>60951711
>i dont understand how P2P blocking works.
read the link

>>60951736
>Its not my fault you or OP can't afford a <$100 switch.
You're a retard who doesn't understand that most people don't give a shit about switches and their features, and will just use the ISP-provided box

You're a retard who is divorced from the real world.

>>60951736
>mac
Literally everything you have ever written on this site has been instantly invalidated by that screenshot.

Furthermore, re-read what this guy wrote >>60951786
and reall let it sink in

>>60951786
>You're a retard who doesn't understand that most people don't give a shit about switches and their features
OP clearly does and you're in a thread about it so stay mad that you're too poor to be able to afford to drop <$100 on networking equipment, and too dumb to learn IOS.

>>60951822
>being too poor to afford a mac
https://www.reddit.com/r/networking/comments/6hiwq6/netengineers_and_macbooks/

>>60951834
Next time I feel like burning money and letting a black man fuck me, I'll know whose posts to reply to. Thanks :')

>>60951736
I'm going to try again and ignore your awful arrogant attitude.
We're talking about segments, think old school switches and hubs. Layer 1. You're talking about broadcast domains and VLANs, which are irrelevant.

If wired networking is like sitting at your desk and talking into your phone, WiFi is analogous to standing up and shouting back and forth across the office.
Switching is irrelevant at this point, because I can clearly hear (or receive) both parties talking (transmitting) to each other.

>>60951874
>WiFi is analogous to standing up and shouting back and forth across the office.
No its not, you clearly dont understand how encryption works with Wi-Fi networks. Each client has its own unique keys to talk with the AP. See the 2nd answer here

https://security.stackexchange.com/questions/16751/wireless-client-isolation-how-does-it-work-and-can-it-be-bypassed

Or google around for Publicly Secure Packet Forwarding. For two clients to be able to talk over a Wi-Fi network, they're dependent on the AP acting as a bridge.

>>60951874
>We're talking about segments, think old school switches and hubs. Layer 1.
And to be autistic switches and hubs are layer 2, layer 2 would be the PHYs. l2osimodel

>>60951968
>layer 2 would be the PHYs
layer 1

>>60951915
The encryption basically makes it analogous to standing up and yelling in a foreign language or code.
It's trivial to receive all WiFi transmissions in a given area, and if WPA isn't used, it's just as easy to get data from them.
A wired switch makes sure that you're only getting packets addressed to you.

>>60951968
I meant to think layer 1. This has nothing to do with switching or routing. Also hubs are generally regarded as layer 1 devices.

promiscuous

>>60952034
>The encryption basically makes it analogous to standing up and yelling in a foreign language
You dont know what encryption is do you?

>It's trivial to receive all WiFi transmissions in a given area, and if WPA isn't used, it's just as easy to get data from them.
So what, you're talking about WEP which no one has used in the past 10 years?

>>60952114
Please explain how I'm wrong.
WPA doesn't hide your transmissions, it just makes them unreadable to others.

Open up your phone and look at all the open APs when you're out sometime. It's very possible that they use whatever ISP provided AP and log in with their accounts to the open wifi channel.

Also, if he lives there, he knows the PSK, and you can decrypt WPA2 transmissions in wireshark if you know the key...

>>60952279
>WPA doesn't hide your transmissions, it just makes them unreadable to others.
This entire fucking thread is about sniffing connections you retard. You are so butthurt over the fact that you dont understand how WiFi works that now you're desperately trying to find a way to salvage your ego.

>Also, if he lives there, he knows the PSK, and you can decrypt WPA2 transmissions in wireshark if you know the key...
Again that isnt how it works at all. The PSK is used to authenticate to the network and a key exchange then occurs. Just because you know the PSK doesnt mean you can sniff someone elses connection.

For fucks sakes you dont even know the difference between layers 1 and 2, while trying to give shitty analogies to someone who clearly knows more than you.

>>60952362
Please calm yourself, there's no need to get so upset over a networking discussion.
You called the dude a retard when he said that "The radios broadcast their signals, so everything on the network can receive it".
We've established that you *can* passively sniff WiFi connections if they are open or WEP, which was what this whole thing was about.

You can also sniff WPA or WPA2 connections, provided you capture the exchange packets and know the PSK.
>The PSK is used to authenticate to the network and a key exchange then occurs.
Exactly. Now WPA2 doesn't use DH, so the key exchanged is based upon some shared secret... perhaps a "Pre Shared Key"? If you know the PSK you can derive the session keys from the exchange packets.
Here's a cool wiki page on how you can try it yourself! https://wiki.wireshark.org/HowToDecrypt802.11

Recap:
>WiFi is just radio communication
>anyone within range will receive all packets (original point of discussion)
>encrypted communications can be decoded if you know the original point of secrecy on which the encryption was built