I'm considering adding a separate subnet to my loc network making loc1 (192.168.1.0/24) and loc2 (192.168.0.1/24) with the goal of separating my wireless traffic from my wired LAN traffic.

Has anyone had success doing this, or is it still possible to sniff the traffic of a separate zone on the same interface with tools like ettercap?
Ryan wrote:
> I'm considering adding a separate subnet to my loc network making loc1
> (192.168.1.0/24) and loc2 (192.168.0.1/24) with the goal of separating
> my wireless traffic from my wired LAN traffic.
>
> Has anyone had success doing this

Yes -- shorewall.net/myfiles.htm

> , or is it still possible to sniff the
> traffic of a separate zone on the same interface with tools like ettercap?

I'm unable to parse that phrase. If you are asking if it is possible to sniff traffic on one LAN segment from another LAN segment that has no bridge/switch in common then the answer is "No". If you are asking something else then please ask again and try to make yourself clearer...

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ lists.shorewall.net/teastep.pgp.key
Ryan wrote:
>> If you are asking something
>> else then please ask again and try to make yourself clearer...
>
> I have a shorewall box's eth0 (192.168.1.0/24) and eth0:0
> (192.168.10.0/24) interfaces connected to a switch. I have an access
> point and another machine connected to the switch. The access point is
> hardcoded with 192.168.10.2 and my wireless laptops are hardcoded
> 192.168.10.3-5.
>
> My desktop is 192.168.1.2 or 3 (DHCP being shared with a Vonage ATA).
>
> From my desktop on the 192.168.1.0 network, will I be able to sniff
> traffic using a tool that manipulates ARP traffic and can sniff switches
> (like ettercap.sourceforge.net)?

Yes.

-Tom
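The eth0 / eth0:0 layout in this exchange puts both subnets in one broadcast domain, so ARP replies for either subnet reach every port on the switch. The following is an added example, not part of the original thread: a small detector that reads ARP replies logged on that shared switch and flags the two patterns ARP manipulation leaves behind (an IP moving to a new MAC, and one MAC answering in both subnets). The log format, all MAC addresses, the firewall addresses 192.168.1.254 and 192.168.10.254 and the function name are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Subnets from the thread: wired LAN on eth0, wireless on the eth0:0 alias.
SUBNETS = [ipaddress.ip_network("192.168.1.0/24"),
           ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample: "<seconds> <sender-ip> is-at <sender-mac>" ARP replies
# as a sensor on the shared switch might log them. All values are made up.
SAMPLE = """\
10 192.168.1.254 is-at 02:00:00:00:00:01
11 192.168.10.254 is-at 02:00:00:00:00:01
12 192.168.10.2 is-at 02:00:00:00:00:a2
13 192.168.10.3 is-at 02:00:00:00:00:a3
14 192.168.1.2 is-at 02:00:00:00:00:b2
40 192.168.10.254 is-at 02:00:00:00:00:b2
41 192.168.10.3 is-at 02:00:00:00:00:b2
"""

def find_arp_anomalies(log, trusted_multi_subnet_macs=()):
    """Return (ip_rebinds, cross_subnet_macs) seen in the ARP reply log."""
    first_mac = {}                  # ip -> first MAC seen for it
    nets_by_mac = defaultdict(set)  # mac -> subnets it has claimed IPs in
    rebinds = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue                # skip malformed lines
        ts = int(parts[0])
        ip = ipaddress.ip_address(parts[1])
        mac = parts[3].lower()
        for net in SUBNETS:
            if ip in net:
                nets_by_mac[mac].add(net)
        known = first_mac.setdefault(ip, mac)
        if known != mac:            # same IP now claimed by a different MAC
            rebinds.append((ts, str(ip), known, mac))
    # The firewall legitimately answers in both subnets (eth0 and eth0:0
    # share one NIC), so its MAC is passed in as trusted.
    cross = sorted(m for m, nets in nets_by_mac.items()
                   if len(nets) > 1 and m not in trusted_multi_subnet_macs)
    return rebinds, cross

if __name__ == "__main__":
    rebinds, cross = find_arp_anomalies(SAMPLE, {"02:00:00:00:00:01"})
    for ts, ip, old, new in rebinds:
        print(f"t={ts}: {ip} moved from {old} to {new}")
    print("MACs answering in both subnets:", cross)
```

With the access point on its own firewall interface, a wired host's ARP replies never reach the wireless segment, so this log would contain no 192.168.10.x entries at all.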
> If you are asking something
> else then please ask again and try to make yourself clearer...

I have a shorewall box's eth0 (192.168.1.0/24) and eth0:0 (192.168.10.0/24) interfaces connected to a switch. I have an access point and another machine connected to the switch. The access point is hardcoded with 192.168.10.2 and my wireless laptops are hardcoded 192.168.10.3-5.

My desktop is 192.168.1.2 or 3 (DHCP being shared with a Vonage ATA).

From my desktop on the 192.168.1.0 network, will I be able to sniff traffic using a tool that manipulates ARP traffic and can sniff switches (like ettercap.sourceforge.net)?

Tom Eastep wrote:
> Ryan wrote:
>
>> I'm considering adding a separate subnet to my loc network making loc1
>> (192.168.1.0/24) and loc2 (192.168.0.1/24) with the goal of separating
>> my wireless traffic from my wired LAN traffic.
>>
>> Has anyone had success doing this
>
> Yes -- shorewall.net/myfiles.htm
>
>> , or is it still possible to sniff the
>> traffic of a separate zone on the same interface with tools like ettercap?
>
> I'm unable to parse that phrase. If you are asking if it is possible to
> sniff traffic on one LAN segment from another LAN segment that has no
> bridge/switch in common then the answer is "No". If you are asking something
> else then please ask again and try to make yourself clearer...
>
> -Tom
Would connecting my Access Point to a third ethernet card on a separate subnet keep anyone riding in on my wireless network from sniffing LAN traffic?

Tom Eastep wrote:
> Ryan wrote:
>
>>> If you are asking something
>>> else then please ask again and try to make yourself clearer...
>>
>> I have a shorewall box's eth0 (192.168.1.0/24) and eth0:0
>> (192.168.10.0/24) interfaces connected to a switch. I have an access
>> point and another machine connected to the switch. The access point is
>> hardcoded with 192.168.10.2 and my wireless laptops are hardcoded
>> 192.168.10.3-5.
>>
>> My desktop is 192.168.1.2 or 3 (DHCP being shared with a Vonage ATA).
>>
>> From my desktop on the 192.168.1.0 network, will I be able to sniff
>> traffic using a tool that manipulates ARP traffic and can sniff switches
>> (like ettercap.sourceforge.net)?
>
> Yes.
>
> -Tom
Ryan wrote:
> Would connecting my Access Point to a third ethernet card on a separate
> subnet keep anyone riding in on my wireless network from sniffing LAN
> traffic?

Yes -- that's what I said in my first response...

And that's what I do -- for good reason. But I also protect my wireless network by requiring either IPSEC or OpenVPN plus I use MAC validation.

-Tom
I understand now, and it makes more sense after reading up on how ettercap works. I do the MAC authentication also, but unfortunately VPN or WPA isn't an option for my hardware. Thanks for the help.

Tom Eastep wrote:
> Ryan wrote:
>
>> Would connecting my Access Point to a third ethernet card on a separate
>> subnet keep anyone riding in on my wireless network from sniffing LAN
>> traffic?
>
> Yes -- that's what I said in my first response...
>
> And that's what I do -- for good reason. But I also protect my wireless
> network by requiring either IPSEC or OpenVPN plus I use MAC validation.
>
> -Tom
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: shorewall.net/support.htm
> FAQ: shorewall.net/FAQ.htm