wired network security
Michael Butash
michael at butash.net
Mon Nov 3 12:56:04 MST 2014
On 11/02/2014 02:46 PM, Bob Holtzman wrote:
> Dandy, but looking at source code tells a nonprogrammer (me) little.
>
> I guess I'll just coast along with https for the important stuff even
> tho I've read that it can be spoofed.
>
I only read source code when I have to figure out obscure driver error
conditions on garbage code. Or morbid curiosity.
Really what i mean is seeing what is opening sockets on your box and
transmitting data. Use of "iftop", tcpdump, wireshark, or other
applications will show you this in the way of open socket/port
connections. Use of "ss" or "netstat" with various flags (that I've
posted before for Havens) to see what is opening listening sockets or
establishing connections out. From there you can examine the packets,
might be amazed to see readable ascii flying past in the network data
payloads.
Used to be fun to sit on the office switch on a span/monitor port doing
network diagnostics when you begin to see people's credentials coming
across too. Learned what dsniff was for then for some fun quite early
on in my career to harvest credentials of my buddies to torment. ;)
Started enforcing SSL and encryption for myself shortly after.
-mb
More information about the PLUG-discuss
mailing list