How do I set up Wireshark to capture man-in-the-middle attacks on a broadband service like cable modem or DSL?

asked 23 Nov '10, 10:03 Martok, edited 29 Feb '12, 19:00 cmaynard ♦♦
One Answer:
There isn't an easy answer for this. What kind of MITM attacks are you worried about? To capture it on a cable modem you'd have to capture layer frames on the cable modem itself and look for signs of ARP poisoning. For DSL there SHOULDN'T be a way for a layer 2 MITM attack. If you're talking about some kind of Internet-based / layer 3-4 attack... well, that's difficult too. If you suspected someone is attempting to perform a MITM attack to hijack your SSL session, you'd need to monitor all of your packets in/out. You'd be sure to capture the SSL handshakes and cert exchanges. Then, on another computer, you'd have to verify the certs yourself - ensure that you were given a forged cert. To do this successfully, however, the attacker would also have to hijack your DNS requests, CRL requests, etc.

answered 23 Nov '10, 10:31 GeonJay
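The check for "signs of ARP poisoning" mentioned in the answer, as an added example that is not part of the original post: it reads a capture and reports every IP address that more than one MAC address has claimed. It assumes the capture was saved in classic pcap format (not pcapng) on an Ethernet link; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def arp_senders(pcap: bytes):
    """Yield (sender_ip, sender_mac) for each ARP packet in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # 14-byte Ethernet header + 28-byte ARP body; VLAN-tagged frames are skipped
        if len(frame) >= 42 and frame[12:14] == b"\x08\x06":
            yield ".".join(map(str, frame[28:32])), frame[22:28].hex(":")

def find_arp_conflicts(pcap: bytes):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC."""
    seen = defaultdict(set)
    for ip, mac in arp_senders(pcap):
        if ip != "0.0.0.0":  # ARP probes carry no sender IP, ignore them
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

# --- constructed sample capture (not real traffic) ---
def _arp_reply(mac: str, ip: str) -> bytes:
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(x) for x in ip.split("."))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + sha + spa + b"\x00" * 6 + spa
    return b"\xff" * 6 + sha + b"\x08\x06" + arp

def build_sample_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

SAMPLE = build_sample_pcap([
    _arp_reply("00:11:22:33:44:55", "192.168.1.1"),   # gateway, original MAC
    _arp_reply("66:77:88:99:aa:bb", "192.168.1.10"),  # ordinary host
    _arp_reply("de:ad:be:ef:00:01", "192.168.1.1"),   # second MAC claims gateway IP
    _arp_reply("02:00:00:00:00:01", "0.0.0.0"),       # probe, ignored
    _arp_reply("02:00:00:00:00:02", "0.0.0.0"),       # probe, ignored
])

if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE).items():
        print(f"{ip} claimed by {', '.join(macs)}")
```

A second MAC for one IP is a lead to investigate, not proof: replaced hardware and failover pairs produce the same pattern.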