Can a file being copied over my LAN be sniffed?

3

1

I'd like to know if a file (PDF, JPG, or whatever) that I copy with .NET code between two computers in my LAN can be easily sniffed and obtained. If so, what would it take to do it?

How trivial would it be?

Thanks.

silverCORE

Posted 2011-10-17T17:03:08.977

Reputation: 665

Answers

5

@wizlog, sniffing is the act of reading the contents of packets of data, regardless of the structure of the network those packets are traveling over.

@silvercore, the answer is yes. Generally the sniffer would have to have access to the same network as you, but unless you are encrypting the file transfer the contents of any file or data transferred will be accessible to any sniffers with appropriate access. To clarify, a sniffer properly situated will always be able to view the contents of the packets traveling across the network; encryption only makes the task of understanding the contents of those packets more difficult.

You can test this by installing Wireshark on a third computer and setting it to collect packets while the transfer is occurring and watch the output.

UPDATE: Info based on HarryMC's answer below:

While you, with Wireshark, will probably have issues "reading" the contents of the file you transfer, even if it is not encrypted, in Wireshark you should be able to set filters to search for certain strings in the packet contents. Reading the file name of the file to be transferred shouldn't be too hard, nor would reading any information on the sort of packaging utility used to create the file. The information you can easily read should give some indication of the file contents without needing to extract the file data and recreate it.

music2myear

Posted 2011-10-17T17:03:08.977

Reputation: 34 957

hey music. thanks for the answer, wish I could mark both yours and haimg's replies as answers. – silverCORE – 2011-10-17T18:38:29.573

Just give me an up-vote and I'll be happy. – music2myear – 2011-10-17T19:04:40.413

already had music. tell you what, both are great answers, i'll mark the one with more upvotes as definitive answer. – silverCORE – 2011-10-17T19:17:53.643
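The self-test suggested in the answer above can be scripted once you have the payload bytes from a capture of your own transfer. This is an added example, not code from the thread: it measures how much of a file you already hold shows up verbatim in the captured bytes, whether its name is readable, and the byte entropy. The file name, file contents, the framing bytes and `stand_in_cipher` are constructed for the demonstration; the stand-in only produces ciphertext-like bytes and is not a cipher to deploy.

```python
import hashlib
import math

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for most plaintext."""
    counts = [data.count(bytes([v])) for v in range(256)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def leaked_fraction(original: bytes, captured: bytes, chunk: int = 32) -> float:
    """Share of the file's chunks that appear verbatim in the captured bytes."""
    chunks = [original[i:i + chunk] for i in range(0, len(original), chunk)]
    return sum(c in captured for c in chunks) / len(chunks) if chunks else 0.0

def name_visible(filename: str, captured: bytes) -> bool:
    """True if the name is readable as ASCII or UTF-16LE (SMB2 sends names as UTF-16LE)."""
    return any(filename.encode(enc) in captured for enc in ("ascii", "utf-16-le"))

def assess(filename: str, original: bytes, captured: bytes) -> dict:
    """Summarise how much of a known file an observer on the LAN could read."""
    return {
        "name_visible": name_visible(filename, captured),
        "leaked": round(leaked_fraction(original, captured), 2),
        "entropy": round(shannon_entropy(captured), 2),
    }

def stand_in_cipher(data: bytes, key: bytes) -> bytes:
    """SHA-256 counter keystream XOR: only to produce ciphertext-like sample bytes."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

# Constructed sample data (not taken from a real capture).
FILE_NAME = "payroll-q3.pdf"
FILE_BYTES = b"%PDF-1.4\n" + b"1 0 obj << /Title (Quarterly payroll) >> endobj\n" * 80
PLAIN_CAPTURE = b"\x00hdr" + FILE_NAME.encode("utf-16-le") + b"\x00hdr" + FILE_BYTES
ENCRYPTED_CAPTURE = stand_in_cipher(PLAIN_CAPTURE, b"constructed demo key")

if __name__ == "__main__":
    print("plaintext :", assess(FILE_NAME, FILE_BYTES, PLAIN_CAPTURE))
    print("encrypted :", assess(FILE_NAME, FILE_BYTES, ENCRYPTED_CAPTURE))
```

On a real capture the leaked fraction of an unencrypted transfer will be high rather than exactly 1.0, because chunks that straddle protocol framing do not match verbatim.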

6

It is possible. However, it will require physical access to your network. Anyone who can plug something into a network port on your hub, switch or router, can attempt to eavesdrop on your LAN traffic, with a different degree of success.

  1. Hubs: older equipment, now mostly replaced by switches. Extremely easy to eavesdrop, since every port sees everything that goes on every other port.

  2. Switches: more complex to eavesdrop. However, a successful attack is possible. For example, sometimes overwhelming a switch with fake specially crafted packets will switch it into a hub mode.

  3. Routers: depends on the configuration and security of the router itself.

All in all, with the right hardware and software, it is possible, and has been done many times. Wired networks have to be secured against physical access; otherwise they are often less secure than wireless ones.

haimg

Posted 2011-10-17T17:03:08.977

Reputation: 19 503

Much more likely/common than "specially crafted packets to switch it into a hub mode" is ARP spoofing.

– BlueRaja - Danny Pflughoeft – 2011-10-17T21:19:48.233

2

With the right utility, everything is possible. So if "possible" is the question, then the answer is "yes".

But this would require high hacking ability. So if "easily" is the question then the answer is "no".

harrymc

Posted 2011-10-17T17:03:08.977

Reputation: 306 093

I'm not sure installing Wireshark and telling it to capture packets constitutes "high hacking ability". Yes, if the attacker was accessing the network from the internet and the network were normally secure, it may require a bit of hacking to get to where the packets could be sniffed. But if the attack is from inside the network, it's really not far beyond the abilities of a normal computer user. – music2myear – 2011-10-17T19:19:28.767

@music2myear: The high hacking ability comes into understanding the protocol and reassembling the pieces into an entire file. Wireshark doesn't do that for you, just dumps the packets, so non-trivial programming would be required as well as some knowledge of the SMB protocol. Which really means hacking, not just simple-minded manipulation of a protocol-sniffer. – harrymc – 2011-10-17T19:32:59.617

That is very correct. Thank you for the clarification. – music2myear – 2011-10-17T20:33:34.983