2

I'm looking to do some packet sniffing on a computer that I do not have privileged access on. I am considering asking the admins to allow users in a specific group access to tcpdump. Specifically, I am thinking about asking them to change the group owner of /usr/sbin/tcpdump to the specific group. https://askubuntu.com/questions/530920/tcpdump-permissions-problem

If access to tcpdump were relaxed, what kinds of impacts to the security of the system would I have to consider?

Thanks.

basilnsage

2 Answers

-1

Mainly that the data in the unencrypted traffic could be read by that user, along with knowledge of the networking setup (i.e. what the IP of the file server is) and any login credentials that might be hard-coded into any of the applications and sent unencrypted. If you are able to switch users and someone else were to log in, then their network data would be at risk too.

Matthew1471
-1

Instead of that:

  1. Get a hub, not a router or switch. Plug the main connection in, and the destination computer, and then a third computer you do have control of. Hubs broadcast all traffic over all ports, so the 3rd computer will hear everything.

  2. Get a computer you can control, and add 2 NICs. Basically, an IN and OUT port. This computer can be set up to transfer the data through. Then you can capture without needing to change the target computer at all.

cybernard