Wireshark for Ethical Hackers - 8
Networking of Sniffing Crash Theory Practice - Part 4
TAPs
- A tap is an L1 device that passively monitors traffic between 2 points
- Better than port mirroring: lets you see malformed frames, L1/L2 errors, etc.
- UTP taps and Fiber taps
- Regeneration taps
- Link aggregation taps
- Support high-speed links
- Simple passive taps are inexpensive and can be built by hand.
Connect the devices as close to a tap as possible.
Promiscuous mode
- Almost all NICs for wired networks
- Some wireless cards: https://www.aircrack-ng.org/
Monitor Mode
- In monitor mode, the wireless interface receives messages from access points that it is not even associated with
Example:
- TP-LINK TL-WN722N (Atheros AR9271 chipset)
- Alfa AWUS036NHA (Atheros AR9271 chipset)
- Alfa AWUS036AC
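What monitor mode delivers, as an added example that is not part of the original notes: a parser that extracts the BSSID and SSID from a radiotap-encapsulated 802.11 beacon, a frame an access point broadcasts whether or not the capturing card is associated with it. The sample frame and the names `parse_beacon` and `SAMPLE` are constructed for illustration, and the capture is assumed to carry no trailing FCS.

```python
import struct

def parse_beacon(packet: bytes):
    """Return (bssid, ssid) for a radiotap + 802.11 beacon frame, else None."""
    if len(packet) < 8 or packet[0] != 0:        # radiotap header is version 0
        return None
    rt_len = struct.unpack_from("<H", packet, 2)[0]
    if rt_len < 8 or rt_len > len(packet):
        return None
    frame = packet[rt_len:]                      # 802.11 frame follows radiotap
    if len(frame) < 24 + 12:                     # MAC header + fixed beacon fields
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 8:               # management frame, beacon subtype
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3 = BSSID
    ssid, pos = None, 36                         # tagged parameters start here
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:                  # truncated or malformed element
            break
        if tag == 0:                             # element ID 0 = SSID
            ssid = value.decode("utf-8", errors="replace")
            break
        pos += 2 + length
    return bssid, ssid

# Constructed sample frame (not a real capture).
SAMPLE = (
    bytes.fromhex("0000080000000000")            # radiotap: v0, length 8, no fields
    + bytes.fromhex("80000000")                  # frame control = beacon, duration 0
    + b"\xff" * 6                                # address 1: broadcast
    + bytes.fromhex("020000000001") * 2          # address 2 (source), address 3 (BSSID)
    + bytes.fromhex("0000")                      # sequence control
    + bytes(8) + struct.pack("<HH", 100, 0x0401) # timestamp, interval, capabilities
    + b"\x00\x07lab-net"                         # SSID element
    + bytes.fromhex("010182")                    # supported rates element
)

if __name__ == "__main__":
    print(parse_beacon(SAMPLE))
```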
The place of a sniffer