[Help] Hacking in public environments
RE: [Help] Hacking in public environments #21
(03-19-2018, 11:38 PM)x n Wrote: There's really no way to get caught doing something like this if you're on the same LAN as everyone else as long as your computer's name isn't anything that personally identifies you. I'd do it in the bathroom though considering the fact that cameras + network traffic timestamps can get you caught.

With regards to actually capturing data, there's plenty of shit you can find by googling "how to sniff traffic of computers on your network"

This is so wrong I don't know where to begin. First off, routers and switches extensively monitor what goes in and out of them. In addition, a properly configured switch will have port management. In fact the Cisco devices have MAC address limits imposed, possibly even static ones. Attempt to access that port with the wrong MAC and the link goes down. The switch will shut off the port. It's even possible that the system will alert the admin of the violation, essentially giving your location away. Then there's the matter of VLANs. Most networks have VLANs separating their less secure public networks from their secure, mission critical ones. Finally there's Access Control Lists. The firewall will allow or deny access from one network to another, and the options can even be specified down to a specific host. Again, unauthorized access attempts will likely trigger an alert. And security will be on your ass in a hurry, depending on how sensitive their system is. It's still possible to get around these measures, as no system is completely secure, but someone with your knowledge isn't going to be able to pull it off.


RE: [Help] Hacking in public environments #22
(03-20-2018, 04:25 AM)Skullmeat Wrote:
(03-19-2018, 11:38 PM)x n Wrote: There's really no way to get caught doing something like this if you're on the same LAN as everyone else as long as your computer's name isn't anything that personally identifies you. I'd do it in the bathroom though considering the fact that cameras + network traffic timestamps can get you caught.

With regards to actually capturing data, there's plenty of shit you can find by googling "how to sniff traffic of computers on your network"

This is so wrong I don't know where to begin. First off, routers and switches extensively monitor what goes in and out of them. In addition, a properly configured switch will have port management. In fact the Cisco devices have MAC address limits imposed, possibly even static ones. Attempt to access that port with the wrong MAC and the link goes down. The switch will shut off the port. It's even possible that the system will alert the admin of the violation, essentially giving your location away. Then there's the matter of VLANs. Most networks have VLANs separating their less secure public networks from their secure, mission critical ones. Finally there's Access Control Lists. The firewall will allow or deny access from one network to another, and the options can even be specified down to a specific host. Again, unauthorized access attempts will likely trigger an alert. And security will be on your ass in a hurry, depending on how sensitive their system is. It's still possible to get around these measures, as no system is completely secure, but someone with your knowledge isn't going to be able to pull it off.

Here comes another guy wanting to make me seem wrong who I have to tell why they're wrong...

First of all, the OP is talking about a local public library, all of which have public guest networks, which is the network the OP presumably would be capturing traffic from, so there goes your "VLANs will stop this" and "lol do u even kno wat an ACL is noob?" arguments. Secondly, a MAC address limit isn't going to stop an ARP poisoning attack which I'm 99% sure is what the OP had in mind when he said "capturing passwords from the network". MAC address limiting is a countermeasure for MAC overflow attacks, but I'm sure you didn't know that since the entirety of your post came from googling "switch security measures" and finding http://www.ciscopress.com/articles/artic...?p=1181682. The only thing that will stop ARP poisoning in this scenario is dynamic ARP inspection paired with DHCP snooping (and ARP spoofing detection software which a public local library isn't going to pay for or take the time to implement properly), which a random local library guest network isn't going to have; a static content addressable memory table isn't even going to exist in this case considering it's a guest network where hundreds of different people would be connecting and disconnecting every day. No links would be going down and no location would be given away because the OP would be connecting through a wireless interface.

The funny thing is that my post wasn't even about the ways he could go about capturing traffic and hacking stuff, it was just about what to do to prevent getting caught, yet you changed the subject to how the attack could be mitigated and made yourself look like you had no idea what you were talking about for no reason. It was a good effort though. If you're going to take all of your information from a Cisco article and present it as if you already knew it then at least include a link at the bottom. If you're genuinely interested in learning more about this kind of stuff then look up switch spoofing and double tagging since I've already told you about MAC overflows and ARP spoofing.
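Added illustration, not part of any post in this thread and not vendor code: a toy Python model of the two switch controls argued about in posts #21 and #22, per-port MAC limiting and ARP inspection backed by a DHCP snooping binding table, applied to constructed frames. The class and method names are hypothetical, and the port names, MAC addresses and 192.0.2.0/24 addresses are made up for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ArpFrame:
    port: str         # ingress switch port
    eth_src: str      # Ethernet source MAC
    sender_mac: str   # ARP sender hardware address
    sender_ip: str    # ARP sender protocol address

@dataclass
class Switch:         # hypothetical model, not a vendor API
    max_macs_per_port: int = 1
    trusted_ports: set = field(default_factory=set)
    seen_macs: dict = field(default_factory=dict)   # port -> {source MACs}
    bindings: dict = field(default_factory=dict)    # ip -> (mac, port)

    def learn_dhcp_ack(self, port, client_mac, leased_ip):
        """DHCP snooping: remember which MAC/port was leased which IP."""
        self.bindings[leased_ip] = (client_mac, port)

    def port_security_ok(self, frame):
        """MAC limiting: cap the number of distinct source MACs per port."""
        macs = self.seen_macs.setdefault(frame.port, set())
        if frame.eth_src not in macs and len(macs) >= self.max_macs_per_port:
            return False
        macs.add(frame.eth_src)
        return True

    def arp_inspection_ok(self, frame):
        """ARP inspection: sender IP/MAC must match a snooped binding."""
        return (frame.port in self.trusted_ports or
                (frame.eth_src == frame.sender_mac and
                 self.bindings.get(frame.sender_ip) == (frame.sender_mac, frame.port)))

    def evaluate(self, frame):
        if not self.port_security_ok(frame):
            return "drop: port-security violation"
        if not self.arp_inspection_ok(frame):
            return "drop: ARP inspection, no matching binding"
        return "forward"

def demo():
    sw = Switch(trusted_ports={"Gi0/1"})            # uplink toward the gateway
    sw.learn_dhcp_ack("Gi0/2", "aa:aa:aa:aa:aa:02", "192.0.2.20")
    sw.learn_dhcp_ack("Gi0/3", "aa:aa:aa:aa:aa:03", "192.0.2.30")
    honest = ArpFrame("Gi0/2", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:02", "192.0.2.20")
    # Own MAC but the gateway's IP: only one source MAC, so the MAC limit is not hit.
    forged = ArpFrame("Gi0/3", "aa:aa:aa:aa:aa:03", "aa:aa:aa:aa:aa:03", "192.0.2.1")
    flood = [ArpFrame("Gi0/4", m, m, "192.0.2.40")
             for m in ("bb:00:00:00:00:01", "bb:00:00:00:00:02", "bb:00:00:00:00:03")]
    return {
        "honest": sw.evaluate(honest),
        "forged_passes_mac_limit": sw.port_security_ok(forged),
        "forged": sw.evaluate(forged),
        "flood_mac_limit": [sw.port_security_ok(f) for f in flood],
    }

if __name__ == "__main__":
    print(demo())
```

In this model the frame with a mismatched IP/MAC claim passes the MAC limit and is dropped only by the binding check, while the many-source-MAC case is what the per-port limit catches.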


RE: [Help] Hacking in public environments #23
(03-21-2018, 01:23 AM)x n Wrote: The funny thing is that my post wasn't even about the ways he could go about capturing traffic and hacking stuff, it was just about what to do to prevent getting caught, yet you changed the subject to how the attack could be mitigated and made yourself look like you had no idea what you were talking about for no reason. It was a good effort though. If you're going to take all of your information from a Cisco article and present it as if you already knew it then at least include a link at the bottom. If you're genuinely interested in learning more about this kind of stuff then look up switch spoofing and double tagging since I've already told you about MAC overflows and ARP spoofing.

Then I can solve this issue pretty quickly. If that's not what this thread is about, then your conversation is off topic, so either bring it back on topic or make your own thread for bragging about your sausage.

[+] 1 user Likes phyrrus9's post

RE: [Help] Hacking in public environments #24
I did already know. I just finished the CCNA course less than a month ago. What I told you was discussed and practiced in the course. Everything I put there came from what I learned and is in my head. Just because you've managed to compromise a few consumer grade networks doesn't mean you have what it takes to do it to hardened, enterprise level ones. Instead of acting like you know everything it's better to listen to the people here who do know about the topic at hand. You might learn something. If you continue to act like that no one here is going to help you.

[+] 4 users Like Skullmeat's post

RE: [Help] Hacking in public environments #25
(03-20-2018, 12:18 AM)x n Wrote: The OP's question: Do any of you guys have recommendations for being safe and preventing capture?
I explained that as long as he doesn't name his computer something that is personally identifiable and as long as he goes to the bathroom to avoid cameras he won't get caught

If you believe that's all it takes to anonymize one's activity (even publicly), you're under a huge misapprehension.

Despite the MAC addresses of the device itself remaining within the local/internal network, they can be leaked, so too with the OS, browser, user agent, cross-browser fingerprinting on an OS & hardware level, transparent DNS proxy (ISP-based forcing/intercepting DNS requests to use the ISP's DNS servers, more so locally-based), social media/login leaks (identifies all accounts actively logged in), canvas fingerprinting and not forgetting the array of data leaked just by having JavaScript enabled. There's heaps more, but let's keep this simple.

On their own, they may not serve an effective enough purpose to identify the device and user. However the objective is to create a complete profile (on all data collected), thereby formulating a fingerprint of the user/device in question. It's like your family name, given name and date of birth. On their own they have very little value. Combine the lot, and that's your profile - your fingerprint.

[+] 3 users Like mothered's post

RE: [Help] Hacking in public environments #26
To answer OP's question: It depends on the environment. If it's a government owned library I wouldn't attempt it. Those are under heavy regulations and take breaches very seriously. If you want to go sniffing, your best bet is poorly secured places like coffee shops. If you are doing ARP poisoning, intelligence gathering is a must. MITM the whole network and most laptops will just crash or bog down, causing a denial of service. That would probably get their attention. Do your best to identify potential targets and take them on one at a time. Another good idea is a long range antenna. The further away you are the less of a chance of being seen. If you must be on site, a Raspberry Pi is a great tool, since they are small and easily concealed.


RE: [Help] Hacking in public environments #27
(03-21-2018, 06:00 AM)mothered Wrote:
(03-20-2018, 12:18 AM)x n Wrote: The OP's question: Do any of you guys have recommendations for being safe and preventing capture?
I explained that as long as he doesn't name his computer something that is personally identifiable and as long as he goes to the bathroom to avoid cameras he won't get caught

If you believe that's all it takes to anonymize one's activity (even publicly), you're under a huge misapprehension.

Despite the MAC addresses of the device itself remaining within the local/internal network, they can be leaked, so too with the OS, browser, user agent, cross-browser fingerprinting on an OS & hardware level, transparent DNS proxy (ISP-based forcing/intercepting DNS requests to use the ISP's DNS servers, more so locally-based), social media/login leaks (identifies all accounts actively logged in), canvas fingerprinting and not forgetting the array of data leaked just by having JavaScript enabled. There's heaps more, but let's keep this simple.

On their own, they may not serve an effective enough purpose to identify the device and user. However the objective is to create a complete profile (on all data collected), thereby formulating a fingerprint of the user/device in question. It's like your family name, given name and date of birth. On their own they have very little value. Combine the lot, and that's your profile - your fingerprint.

I don't know how you gathered that what I said is what I think is all someone needs to do to anonymize themselves. I was responding to OP and his circumstances specifically. You're assuming that the OP is going to use a browser at any time during this, but an ARP poisoning/spoofing attack doesn't require browsing on the attacker's end at all, so I didn't allude to precautionary measures that need to be taken while browsing whatsoever. You're also assuming that the OP isn't a skid and is going to use a personally identifiable OS with all of his personally identifiable configurations and plugins and stuff on it, but let's be honest, the OP is going to be using Kali Linux to carry out this attack because he's a skid. So let's see what you have left -

Quote: Despite the MAC addresses of the device itself remaining within the local/internal network, they can be leaked, so too with the OS, browser, user agent, cross-browser fingerprinting on an OS & hardware level, transparent DNS proxy (ISP-based forcing/intercepting DNS requests to use the ISP's DNS servers, more so locally-based), social media/login leaks (identifies all accounts actively logged in), canvas fingerprinting and not forgetting the array of data leaked just by having JavaScript enabled.

The MAC address of any device on a network isn't going to be leaked to the internet except in certain implementations of IPv6 or if the OP runs a Java applet; nobody uses Java applets anymore (not to mention ones that are just gonna make your MAC address public) and IPv6 can be turned off (it's turned off by default on many systems) not to mention most of those specific implementations of IPv6 are now obsolete. Even if everything I just said wasn't true, in many countries things like IP addresses and MAC addresses aren't allowed to be used for PII in court cases regarding security breaches.

Quote: Despite the MAC addresses of the device itself remaining within the local/internal network, they can be leaked, so too with the OS, browser, user agent, cross-browser fingerprinting on an OS & hardware level, transparent DNS proxy (ISP-based forcing/intercepting DNS requests to use the ISP's DNS servers, more so locally-based), social media/login leaks (identifies all accounts actively logged in), canvas fingerprinting and not forgetting the array of data leaked just by having JavaScript enabled.

I'm not sure whether you meant your MAC address will be leaked through the ISP-provided DNS server (eventually leading to getting caught) or if you meant the DNS server someone uses is data that can be used to personally identify them, but either way you're wrong. The DNS server you'd be forced to use would depend on what the library's guest network forces you to use, unless you configure DNS on your computer to use whatever you configure it to use (which no OS does by default, and which the OP is too skiddy to figure out how to do). With that having been said, for one, the MAC address 99% of the time won't be getting leaked for reasons stated above, however the library would already have your MAC address so it wouldn't make much of a difference either way. Secondly, like I just said, if by what you said you meant the DNS server someone uses is data that can be used to personally identify them, that wouldn't make sense considering they'd only be using the library's forced DNS server for as long as they're on the library guest network.


RE: [Help] Hacking in public environments #28
(03-21-2018, 02:45 AM)Skullmeat Wrote: I did already know. I just finished the CCNA course less than a month ago. What I told you was discussed and practiced in the course. Everything I put there came from what I learned and is in my head. Just because you've managed to compromise a few consumer grade networks doesn't mean you have what it takes to do it to hardened, enterprise level ones. Instead of acting like you know everything it's better to listen to the people here who do know about the topic at hand. You might learn something. If you continue to act like that no one here is going to help you.

Whether it's what you practiced in your course or not doesn't matter, you were incorrect to mention it in this case. Sorry that I stepped on your pride and made you look like an idiot for being completely wrong, but -7'ing someone isn't going to make them agree with you nor is it going to make you correct. Would it really have killed you to say something like "I was wrong, sorry" like I've already done in a case where I was wrong since joining this forum? It's funny how you're implying I don't know anything and that you and others who have responded to me know everything when I've consistently told all of you why you're wrong and none of you have been successful in telling me why I'm wrong, and now you're doing what anyone with a damaged ego would do, and you're attacking me rather than the substance of my argument because you know you were wrong. Thanks. I genuinely don't know why everyone hates me, I haven't insulted anybody (save for when they insult me first) and all I've tried to do is help people, but there's always a user who thinks they have to look like the smartest person ever and when they try to tell me I'm wrong, I respond with why I'm not wrong and I end up getting -7'd. It's pretty comical.

P.S. - a public library's guest network isn't going to be a hardened enterprise network, which is why I didn't treat it as such.
(This post was last modified: 03-23-2018, 03:23 AM by x n.)


RE: [Help] Hacking in public environments #29
(03-23-2018, 03:07 AM)x n Wrote:
(03-21-2018, 02:45 AM)Skullmeat Wrote: I did already know. I just finished the CCNA course less than a month ago. What I told you was discussed and practiced in the course. Everything I put there came from what I learned and is in my head. Just because you've managed to compromise a few consumer grade networks doesn't mean you have what it takes to do it to hardened, enterprise level ones. Instead of acting like you know everything it's better to listen to the people here who do know about the topic at hand. You might learn something. If you continue to act like that no one here is going to help you.

Whether it's what you practiced in your course or not doesn't matter, you were incorrect to mention it in this case. Sorry that I stepped on your pride and made you look like an idiot for being completely wrong, but -7'ing someone isn't going to make them agree with you nor is it going to make you correct. Would it really have killed you to say something like "I was wrong, sorry" like I've already done in a case where I was wrong since joining this forum? It's funny how you're implying I don't know anything and that you and others who have responded to me know everything when I've consistently told all of you why you're wrong and none of you have been successful in telling me why I'm wrong, and now you're doing what anyone with a damaged ego would do, and you're attacking me rather than the substance of my argument because you know you were wrong. Thanks.

P.S. - a public library's guest network isn't going to be a hardened enterprise network, which is why I didn't treat it as such.

Look buddy, you've brought this thread far enough off topic. Nobody is claiming they know everything, we're just claiming that you don't, which you've proven. If you want to claim someone is wrong, go ahead and be my guest, but you need to cite sources. We're all here to teach and learn, and neither is accomplished by calling people idiots.


RE: [Help] Hacking in public environments #30
(03-23-2018, 03:07 AM)x n Wrote: Would it really have killed you to say something like "I was wrong, sorry" like I've already done in a case where I was wrong since joining this forum?

When did this part happen, because your post history has no instance of you ever admitting to being wrong from what I have found.


This thread should be closed, or split into a different topic for these posts.







