Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 04-28-2006, 05:55 PM   #11
Golden Master
 
DJ-CHRIS's Avatar
 
Join Date: Apr 2006
Posts: 5,203
Send a message via AIM to DJ-CHRIS Send a message via MSN to DJ-CHRIS Send a message via Yahoo to DJ-CHRIS
Default Re: Testing Snort

Quote:
Originally Posted by root
It depends how you look at the network and the technology used in a network.
a regular hub is a piece of dumb equipment, it recieves a packets and then spits it out of all ports, sending all packets to all ports on the hub, only the computer that actuall wants the packet picks it up.
other computers ignore it.
(this is good when you are sending out broadcast packets or DHCP requests since the DHCP server usually isn't know, so a general request is made to all machines.

however, it does mean that when you send information you are actually sending it to all machines.

if you run a program like snort or ethereal then you just listen to the network and don't generate any extra traffic.

you'll fine that on a switched network, in passive modes, you'll only see traffic eitheron the hub that you are on, (but not other hubs that maybe conected to a switch that you are also on), or just your own traffic if you are directly in a switch or router.

And you rarely see hub's on modern networks.

Oh well just run ARP posioning on a gigabit switch on the backbone
__________________

DJ-CHRIS is offline   Reply With Quote
Old 04-29-2006, 10:36 AM   #12
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,003
Default Re: Testing Snort

eh? rarely see hubs?

Hubs are still very much all over the place in businesses, perhaps people no longer buy hubs because switches have a greater networkability and don't cost that much more (any more), but lots of places still have legacy networks...

I'll be willing to bet there are businesses out there that are still using bnc 10base co-ax networks.
__________________

__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 05-02-2006, 07:06 PM   #13
Solid State Member
 
Join Date: Oct 2005
Posts: 10
Default Re: Testing Snort

Thanks for the help guys but it has come a bit late, I handed my report in last Friday. If you want to discuss what I found feel free to continue this thread or PM me.
mudderfacar is offline   Reply With Quote
Old 05-03-2006, 07:17 AM   #14
Golden Master
 
DJ-CHRIS's Avatar
 
Join Date: Apr 2006
Posts: 5,203
Send a message via AIM to DJ-CHRIS Send a message via MSN to DJ-CHRIS Send a message via Yahoo to DJ-CHRIS
Default Re: Testing Snort

Quote:
Originally Posted by root
eh? rarely see hubs?

Hubs are still very much all over the place in businesses, perhaps people no longer buy hubs because switches have a greater networkability and don't cost that much more (any more), but lots of places still have legacy networks...

I'll be willing to bet there are businesses out there that are still using bnc 10base co-ax networks.
Definitely not from what I have seen around here. Everything is 100mb networks or better from any real kind of buisness. You occasionally see 100mb hubs still however. This may be different in really small buisnesses or other city's however.

I also have piles of 10baseT hubs :P
DJ-CHRIS is offline   Reply With Quote
Old 05-04-2006, 11:36 AM   #15
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,003
Default Re: Testing Snort

actually,
I can tell you for sure I know of at least one business that still uses 10base BNC networks, and runs windows 98 as well on their production line, and they are the UKs largest manufacturer of insultation products.

(they are looking to upgrade I might add, but even so).

there are even some deparments in the Uni wher I work here that have some groups of old machines in labs that are setup running windows 98, 10base networking and are still used daily, simply because the machines that they control don't have any more current software, or the software that does run them is too expensive to warrant an upgrade.
I know that this is true of all the labs in the department I work in, all gas anaylsis and blood anaysis machines are all running windows 95, or windows 98 (at the moment). most clusters still have arcaic networking as well!

true, if you are in a big business (or a new business) then they probably have new stuff, but if a business is small, and doesn't warrant spending money on stuff that isn't broken, (or even if the business is huge, (like the uni here), they still may not upgrade everything...

And I really doubt that the uni where this guy wanted to do his testing was all that greatly equiped either. as a general rule, most unis have lots of shiny new equipment on display, but lots of dodgey old gear hidding in the backgrounds holding everything together!
__________________

__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 08:13 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0