Using tshark to find the man in the middle
This post is targeted at people who understand IP addresses and default gateways and have heard of ARP, but don't play with them often enough to realize how vulnerable we are to man in the middle attacks. Back in the old days the network hardware was often a hub, and hubs had the property that every computer connected to a hub could see every other computer's traffic. This meant that if my computer and tori-the-lori were on the same hub, tori-the-lori could see all my network traffic. This sounds like weak security. In time the world invented switches, and now almost all networking uses switches. Switches differ from hubs in that computers only see traffic that is sent to them, not everyone's traffic. This difference should fix the weak security, right? Well, as with most things in security, the devil is in the details. Let's dig in.

When a computer wants to talk to another computer by IP address, it needs to find the MAC address for that IP address, and this is done via ARP. Let's have a look at my home
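As an added example (not code from the original post), here is the kind of check a defender would run over ARP traffic exported by tshark to spot a man in the middle: an IP address that more than one MAC claims in ARP replies, and replies that nobody asked for. The tshark field invocation in the comment and the sample lines are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample of tshark field output (tab-separated), as if produced by
#   tshark -Y arp -T fields -e arp.opcode -e arp.src.proto_ipv4 -e arp.src.hw_mac -e arp.dst.proto_ipv4
# (that invocation is an assumption; opcode 1 = request, 2 = reply).
SAMPLE = """\
1\t192.168.1.10\taa:bb:cc:00:00:10\t192.168.1.1
2\t192.168.1.1\taa:bb:cc:00:00:01\t192.168.1.10
2\t192.168.1.1\tde:ad:be:ef:00:99\t192.168.1.10
2\t192.168.1.1\tde:ad:be:ef:00:99\t192.168.1.20
1\t192.168.1.20\taa:bb:cc:00:00:20\t192.168.1.30
2\t192.168.1.30\taa:bb:cc:00:00:30\t192.168.1.20
"""

def parse_arp_fields(text):
    """Turn tshark -T fields lines into (opcode, sender_ip, sender_mac, target_ip) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        opcode, sender_ip, sender_mac, target_ip = line.split("\t")
        rows.append((int(opcode), sender_ip, sender_mac.lower(), target_ip))
    return rows

def find_mac_conflicts(rows):
    """IPs that more than one MAC claimed in ARP replies: the classic poisoning signature."""
    claims = defaultdict(set)
    for opcode, sender_ip, sender_mac, _ in rows:
        if opcode == 2:
            claims[sender_ip].add(sender_mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

def count_unsolicited_replies(rows):
    """Replies for which the target never sent a matching, still-unanswered request."""
    pending = set()   # (requester_ip, requested_ip) pairs awaiting an answer
    unsolicited = 0
    for opcode, sender_ip, _, target_ip in rows:
        if opcode == 1:
            pending.add((sender_ip, target_ip))
        elif opcode == 2:
            key = (target_ip, sender_ip)
            if key in pending:
                pending.discard(key)
            else:
                unsolicited += 1
    return unsolicited

if __name__ == "__main__":
    rows = parse_arp_fields(SAMPLE)
    print("conflicting IP->MAC claims:", find_mac_conflicts(rows))
    print("unsolicited replies:", count_unsolicited_replies(rows))
```

Legitimate gratuitous ARP announcements also show up as unsolicited replies, so that count is a prompt to look at the capture, while a single IP answered by two different MACs is the stronger signal.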