Hacking, Old-School

When you mention hacking in the general public, the image most people think of is a nerdy guy breaking into a computer system from his bedroom. This month, I take a look at some of the tools available to do exactly that. Of course, this is for informational purposes only, so please don't do anything nasty. Remember, with great power comes great responsibility. Most people have heard of tools like Nmap or Nessus, but here I look at some other available tools for playing with networks.

The granddaddy of network utilities is tcpdump. This utility simply listens to all network traffic going by and records the packets for later analysis. If you have more than one network interface, you can select which one to listen to with the option -i interface. By default, tcpdump puts your network card into promiscuous mode, so it can record all packets that exist on the network cable. If you want to limit the packets recorded simply to those destined for your machine, use the -p option to turn off promiscuous mode. Lots of options are available to tcpdump, so check out the man page for more details.

Say you want to find out what machines exist on your network. Several tools can do this by actively sending out queries on the network. The problem with this technique is that you end up creating traffic on the network, which may be noticed by a good network administrator. A way around this is to use the tool p0f. This utility uses passive techniques to try to guess what machines exist on the network and properties of those machines. If you have more than one network interface, you can select which interface to use with the option -i interface. p0f can work with tcpdump files. If you have a tcpdump file that you created earlier, you can make p0f read it rather than doing a live capture with the -s file option. You also can use p0f to record network traffic into a tcpdump file with the -w file option. If you're using p0f in a script, use the -o file option to dump the output into a text file for later perusal.

By default, p0f looks only at network packets that are addressed to the machine where it is running. To look at all the packets that go by on the network, you need to set the card into promiscuous mode with the -p option. By default, p0f sees machines only when they open new connections. You can try to guess what's going on with already-opened connections with the -O option. This option can generate a lot of data, so you probably won't want to use it for an extended period of time.

More and more often, machines actually are located behind routers and NATs, so they don't really show up as individual machines. You can try to identify these types of machines with the -M option. This uses the masquerade-detection algorithm to try to identify individual machines in these situations.
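To make the two preceding sections concrete, here is an added example (my own code, not anything from tcpdump or p0f) that reads the libpcap file format tcpdump -w writes and then does what p0f does with it: it pulls the TTL, window size and TCP option order out of each SYN and looks them up in a signature table. The two-packet capture and the signature table are constructed here for illustration; they are not p0f's real fingerprint database, and the "Linux-like"/"Windows-like" labels are assumptions tied to that constructed table.

```python
"""Read a libpcap capture (the format tcpdump -w writes) and passively
fingerprint the hosts that send TCP SYNs in it, the way p0f does.
Added example, not code from tcpdump or p0f; the capture and the signature
table are constructed here and are not p0f's real fingerprint database."""
import struct

# --- building a constructed two-packet capture (no live network needed) ---
def build_syn(src, dst, sport, dport, ttl, window, options):
    """Ethernet/IPv4/TCP frame carrying a SYN with the given TTL, window and options."""
    eth = b"\x00" * 12 + b"\x08\x00"                    # MACs zeroed, EtherType IPv4
    tcp_hlen = 20 + len(options)                        # options must pad to 4 bytes
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                      (tcp_hlen // 4) << 4, 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp

def build_pcap(frames):
    """Little-endian pcap file: 24-byte global header, then 16-byte record headers."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# MSS 1460, SACK-ok, timestamps, NOP, window scale 7 (constructed Linux-style order)
LINUX_OPTS = b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8 + b"\x01" + b"\x03\x03\x07"
# MSS 1460, NOP, window scale 8, NOP, NOP, SACK-ok (constructed Windows-style order)
WINDOWS_OPTS = b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08" + b"\x01\x01" + b"\x04\x02"
SAMPLE_PCAP = build_pcap([
    build_syn("10.0.0.5", "10.0.0.1", 40000, 80, 61, 29200, LINUX_OPTS),    # 3 hops from TTL 64
    build_syn("10.0.0.7", "10.0.0.1", 50000, 80, 125, 8192, WINDOWS_OPTS),  # 3 hops from TTL 128
])

# --- the passive side: parse the file and extract p0f-style SYN fields ---
def parse_pcap(data):
    """Yield the raw frames; the magic number tells us the writer's byte order."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len

def parse_tcp_options(raw):
    """Return (option kinds in order, MSS, window scale); the order is a fingerprint feature."""
    kinds, mss, wscale, i = [], None, None, 0
    while i < len(raw) and raw[i] != 0:                 # kind 0 = end of options
        kind = raw[i]
        if kind == 1:                                   # NOP carries no length byte
            kinds.append("nop")
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2:                                  # malformed option: stop parsing
            break
        body = raw[i + 2:i + length]
        if kind == 2 and len(body) == 2:
            mss = struct.unpack("!H", body)[0]
        if kind == 3 and len(body) == 1:
            wscale = body[0]
        kinds.append({2: "mss", 3: "ws", 4: "sok", 8: "ts"}.get(kind, "?%d" % kind))
        i += length
    return kinds, mss, wscale

def syn_signature(frame):
    """Fields p0f keys on, or None if the frame is not an IPv4 TCP SYN."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    tcp = frame[14 + ihl:]
    if tcp[13] & 0x12 != 0x02:                          # SYN set and ACK clear
        return None
    kinds, mss, wscale = parse_tcp_options(tcp[20:(tcp[12] >> 4) * 4])
    return {"src": ".".join(map(str, frame[26:30])), "ttl": frame[22],
            "window": struct.unpack("!H", tcp[14:16])[0], "mss": mss,
            "wscale": wscale, "options": ",".join(kinds)}

def initial_ttl(ttl):
    """Observed TTL rounded up to the nearest common initial value."""
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

SIGNATURES = {                                          # constructed, illustrative only
    ("mss,sok,ts,nop,ws", 64): "Linux-like",
    ("mss,nop,ws,nop,nop,sok", 128): "Windows-like",
}

def fingerprint(pcap_bytes):
    """One record per SYN, with a guess looked up from option order and initial TTL."""
    results = []
    for frame in parse_pcap(pcap_bytes):
        sig = syn_signature(frame)
        if sig is not None:
            sig["guess"] = SIGNATURES.get((sig["options"], initial_ttl(sig["ttl"])), "unknown")
            results.append(sig)
    return results

if __name__ == "__main__":
    for record in fingerprint(SAMPLE_PCAP):
        print(record)
```

Nothing here sends a packet, which is the whole point of the passive approach the column describes: everything is inferred from what other hosts volunteer in their own SYNs. Note how the observed TTL is rounded up to an initial value before the lookup, so the same host is recognised whether it is one hop or ten hops away.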

Once you know what machines exist on the network, you may be interested in what traffic is traveling to those machines, as well as who is generating this traffic. You can use dsniff to see the user names and passwords being used to access services on the network. It can handle many different protocols, such as FTP, HTTP, POP, IMAP, X11 and many others. You can tell dsniff on which interface to listen with the -i interface option. Like most network tools, you can read previously recorded network data with the -p file option. Alternatively, you can use dsniff to record the network data rather than parsing it with the -w file option. You can enable automatic protocol detection by using the -m option. This can give you some of the gory details about people on your network.
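The useful defensive lesson in dsniff is that the protocol is recognised from the payload, not the port, which is what the -m option does. The added example below (my own code, not dsniff's) does the same over a few constructed reassembled flows: it names the protocol from the first bytes, notes which user name logged in and whether a secret crossed the wire in the clear, and deliberately does not copy the secret into the report, since the point of running it on your own network is to find cleartext authentication that should be retired, not to collect passwords. The host addresses, ports and flow contents are all constructed.

```python
"""Spot cleartext logins in reassembled TCP flows, recognising the protocol from
the payload instead of trusting the port (the idea behind dsniff -m).
Added example, not dsniff's code; the flows below are constructed, and the
report records whether a secret went over the wire without storing it."""
import base64
import re

def detect_protocol(text):
    """Identify the protocol from its opening bytes, regardless of TCP port."""
    if re.match(r"220[ -]", text):
        return "ftp"
    if text.startswith("+OK"):
        return "pop3"
    if text.startswith("* OK"):
        return "imap"
    if re.match(r"(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r?\n", text):
        return "http"
    if text.startswith("SSH-"):
        return "ssh"                                    # encrypted; nothing to inspect
    return None

def extract_login(proto, text):
    """Return (user, secret_seen) if a login was attempted in the flow, else None."""
    if proto in ("ftp", "pop3"):
        user = re.search(r"^USER (\S+)\r?$", text, re.M)
        secret = re.search(r"^PASS \S+\r?$", text, re.M)
        return (user.group(1), secret is not None) if user else None
    if proto == "imap":
        m = re.search(r"^\S+ LOGIN (\S+) \S+\r?$", text, re.M | re.I)
        return (m.group(1), True) if m else None
    if proto == "http":
        m = re.search(r"^Authorization: Basic (\S+)\r?$", text, re.M | re.I)
        if not m:
            return None
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:                              # binascii.Error is a ValueError
            return None
        user, sep, _ = decoded.partition(":")           # only the user name is kept
        return (user, sep == ":")
    return None

def scan(flows):
    """flows: (client, server, dport, reassembled text). Secrets are never copied out."""
    alerts = []
    for client, server, dport, text in flows:
        proto = detect_protocol(text)
        login = extract_login(proto, text) if proto else None
        if login:
            alerts.append({"proto": proto, "client": client, "server": server,
                           "port": dport, "user": login[0], "secret_in_clear": login[1]})
    return alerts

# Constructed sample flows; note the FTP server on a non-standard port.
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 2121,
     "220 files ready\r\nUSER bob\r\n331 Password required\r\nPASS hunter2\r\n230 Logged in\r\n"),
    ("10.0.0.6", "10.0.0.21", 8080,
     "GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
     + base64.b64encode(b"alice:s3cret").decode() + "\r\n\r\n"),
    ("10.0.0.7", "10.0.0.22", 110,
     "+OK POP3 ready\r\nUSER carol\r\n+OK\r\nPASS letmein\r\n+OK\r\n"),
    ("10.0.0.8", "10.0.0.23", 22, "SSH-2.0-OpenSSH_8.9\r\n"),
    ("10.0.0.9", "10.0.0.21", 80, "GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_FLOWS):
        print(alert)
```

Run against the constructed flows it reports three cleartext logins (FTP on port 2121, HTTP Basic on 8080 and POP3 on 110) and stays silent on the SSH session and the unauthenticated HTTP request.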

Now that you know some details about your network, and the people on it, you may want to check the security of some of the services provided. One common target for security problems is Web servers. You can use the nikto tool to assess your Web server's security. Select the host with the -h hostname option. If you have a series of hosts you want to check, place the hostnames (or IP addresses) in a text file, and hand them to nikto with the -h file option. The default port nikto looks at is port 80. If you want to check out a Web server on some other port, simply use the -p port option. Tons of extra options exist in terms of what specific security issues to test for, far too many to mention here. See the manual at the project's home page for more information (cirt.net/nikto2).

The last hack I cover this month is checking your own backyard. Many people will use this kind of knowledge for nefarious purposes, so it pays to know whether your own machines have been compromised. A utility you can use is chkrootkit. This utility analyzes your systems and tries to determine whether they've been tampered with. You can get a list of the tests it can perform with the -l option. With the standard install on my Ubuntu box, chkrootkit has 69 available tests. You can check things like whether ls has been infected, or you can check for evidence of rootkits that may have been installed. Hopefully, you won't find anything when you run chkrootkit.
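The "has ls been infected" test boils down to comparing a trusted binary against a known-good baseline. The added example below (my own code, not chkrootkit's) shows that baseline-and-verify loop: it fingerprints files by SHA-256, size and permission bits, stores the baseline as JSON, then simulates two kinds of tampering and reports which field gave each one away. It works on stand-in scripts in a temporary directory it creates, rather than on /bin, so it runs without root; the file names and contents are constructed.

```python
"""Baseline-and-verify check for trusted binaries, the idea behind chkrootkit's
test for an infected ls. Added example, not chkrootkit's code; it works on a
temporary directory built here instead of /bin so it runs unprivileged, and
the tampering is simulated."""
import hashlib
import json
import os
import stat
import tempfile

def file_fingerprint(path):
    """SHA-256, size and permission bits; a replaced binary changes at least one."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}

def build_baseline(root, names):
    """Fingerprint each named file under root; keep the result somewhere read-only."""
    return {n: file_fingerprint(os.path.join(root, n)) for n in names}

def verify(root, baseline):
    """Map each file to the fields that no longer match ('missing' if it is gone)."""
    findings = {}
    for name, expected in baseline.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            findings[name] = ["missing"]
            continue
        actual = file_fingerprint(path)
        changed = [k for k in ("sha256", "size", "mode") if actual[k] != expected[k]]
        if changed:
            findings[name] = changed
    return findings

def demo():
    """Build two stand-in binaries, baseline them, tamper, and return both verify results."""
    with tempfile.TemporaryDirectory() as root:
        stubs = {"ls": b"#!/bin/sh\nexec /bin/ls \"$@\"\n",      # constructed stand-ins
                 "ps": b"#!/bin/sh\nexec /bin/ps \"$@\"\n"}
        for name, body in stubs.items():
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(body)
            os.chmod(path, 0o755)
        # The baseline round-trips through JSON, as it would from a stored manifest.
        baseline = json.loads(json.dumps(build_baseline(root, list(stubs))))
        clean = verify(root, baseline)
        # Simulated tampering: ls swapped for a same-size substitute, ps made setuid.
        with open(os.path.join(root, "ls"), "wb") as f:
            f.write(stubs["ls"].replace(b"/bin/ls", b"/bin/sh"))
        os.chmod(os.path.join(root, "ps"), 0o4755)
        return clean, verify(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The same-size substitution is why size and timestamp alone are not enough and a cryptographic hash is part of the fingerprint; the setuid change is why permission bits are checked too. For a real system the baseline has to be taken while the machine is known-good and kept somewhere an attacker on the box cannot rewrite, otherwise the comparison proves nothing.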

Now you have a few new tools you can use to play around with your networks. Hopefully, you won't find anyone doing anything nasty. And remember, if you are going to use these tools, be sure you have permission before you do anything that might be frowned on. Other than that, hack away and keep learning.

photo credit: © Štepán Kápl/Shutterstock
______________________

Joey Bernard has a background in both physics and computer science. This serves him well in his day job as a computational research consultant at the University of New Brunswick. He also teaches computational physics and parallel programming.

Comments

Free speech?

Anonymous

Talk about free beer and free speech huh?

better than tcpdump

Y.Chaouche

tcpflow.

or iptraf

Y.Chaouche

there's also iptraf that I discovered today, beautiful live monitoring tool with an ncurses interface.

Excellent article

n00bsys0p

Great article. While I'd heard many good things about tcpdump for network analysis, I'd never 100% understood its usage. This helped to fill in the gaps well. Just in time for me to use it to detect the network latency problems we're experiencing! I reckon I'll look into Wireshark in a little more depth too... Thanks!

Hacking

Wezza

OK, you could do bad things with some of the software and networking applications, but if you are trying to learn how things work by using the software, and what actually does what in the software, without reading pages and pages of instructions. To find out what effect it has on your network, and how it gains access to your PC, what ports and protocols it opens, is hacking, but if you don't destroy your info or anybody else's, then this is ethical. I find that by using, and not being scared to use, some software, I learn.

The war on the word 'hacking' has been lost

Jorma

As the author says: 'When you mention hacking in the general public, the image most people think of is a nerdy guy breaking into a computer system from his bedroom.'

In general language 'hacking' has largely become a synonym for 'computer crime'. It has just happened, as language related to computer technology has evolved.

Computer experts can spend endless hours in trying to explain the original differences between 'hackers' and 'crackers'.

Those hours could be spent more productively.

If you want to call yourself 'hackers', do not be surprised if that raises suspicion.

But maybe that is just the point. Being a hacker sounds like living dangerously. If you express a desire for dangerous living, you advertise good condition of your genes to potential mates.

If you want to do business, call yourself a computer expert. If you want to lead a quiet family life, admit you are a nerd.

Just do not try to change language. Language is an overwhelming social force.

Inconsistent use of Hacking

Frederik

Funny thing is that hacking when not tied to computers is often used in the traditional -correct- sense, i.e. not as in meaning cracking.

Hacking definition

Red_flair1

My definition to HACKING is:

"A creative solution to an interesting problem" let's keep it that way!!

google chrome - does not let save the page in PDF

marco antonio

Hi,

I read your article and it is very interesting because one can learn network tricks that may be useful in the everyday work.

I disagree with Umar Rizwan in the point that the article is not intended for one to use it as a means of doing illegal things, but to use it to augment the skills one has to do a particular job.

For example, I work with LaserJet software, and many times under Windows Server 2008 there are communication issues and I do not have a clue why these kinds of things happen. With these tools I can find out if a networked LaserJet printer or multifunction printer is properly communicating with a server, for example.

I also wanted to let you know that when I tried to save the page in PDF format using google chrome I had an issue, it happens that just when reaching the save dialog the page is made blank and it only shows a folder icon with a pity face on it, and it reads something like: "Aw, snap! Something went wrong while displaying this web page. To continue, press Reload or go to another page."

The above thing did not happen using Mozilla Firefox. I use Ubuntu Ultimate 2.8 updated regularly.

Thanks and sorry for my poor English as it is not my mother tongue.

hacking is a crime

Umar Rizwan

hacking is a crime

Nonsense

Kevin Bush

Here's an article I wrote shortly after my daughter's first birthday that explains what hacking is, and why it is far from a crime.

http://offmygourd.wordpress.com/2010/04/13/why-i-want-my-daughter-to-be-...

Thanks,

Kevin

Kevin Bush is a Linux systems admin, dad and book-lover who spends far too much time tinkering with gadgetry.

Nice note

amaximo

I read and liked your note... it brought me memories of that book, A Hacker Manifesto by McKenzie Wark...

...but be careful

Anonymous

Those pesky law maker types are always trying to make modifying our own things illegal. Take for example, what has been happening with ad blocking hacks...

http://news.cnet.com/Web-ad-blocking-may-not-be-entirely-legal/2100-1030...

http://www.broadbandreports.com/shownews/Are-Ad-Blockers-Illegal-87575

If you don't conform to what the man wants, you are a criminal.

Don't worry.

Anonymous

I am curious to see how that would play off.

Sites depend on "viewership" (if that word doesn't exist I just coined it), and viewers on the Internet are put off by strong-handed tactics. Sites that force the victim - I mean, visitor - to subject him/herself to a bombardment of ads *and* forbid the use of ad-blockers will soon put themselves out of business.

The legality of ad-blockers is another matter, but I don't think the law has a say in that. The Internet is supposed to be public and, if you are showing yourself or your business to the public, you have no right to control the access of the public to what you are showing. If you don't want to go public, go somewhere else, not the Internet. There are very few exceptions to this rule, none of which relates to the ads battle.

Of course, I am oversimplifying. But that's more or less it.

> "Sites that force the

The Cheesy Banshee

> "Sites that force the victim ... to subject him/herself to a bombardment of ads *and* forbid the use of ad-blockers will soon put themselves out of business."

One would think the same sites that lose revenue to support streaming of said videos would also, "soon put themselves out of business."

It takes an audience, providers and advertisers to bring you the content you're ingesting.

Catch-22, then?

Anonymous

Hmmm, what a dilemma!

If the site I am visiting craps on me with irritating, distracting, bandwidth-eating, obnoxious ads, and does not allow me to block them, I will not visit that site anymore. They will lose audience, therefore will lose ad revenue, therefore will go out of business.

If the site does not force ads down my throat, the site is not "aggressive" and the advertisers won't waste money on it. It will lose revenue and go out of business.

"Oh", I wonder, "how does the Internet keep itself alive?"

i remember...

Anonymous

I remember a time when there were absolutely no ads on websites. Then the erotica ads came. Now they advertise everything.

I long for the past

Anonymous

"I remember a time when there were absolutely no ads on websites."

Ahhh, the good 'olden' days...

Thank you!

Anonymous

Just read your post over there. Loved it. Agree with it one thousand percent! :-)
Thank you.

hacking is a crime The law

Anonymous

hacking is a crime

The law prefers to define things in more concrete terms, like "unauthorized access".

You are perfectly within your rights to hack whatever you have authorized access to.

hacking is a crime

Umar Rizwan

hacking is a crime

What...

Anonymous

I can't even begin to describe how I loathe cliché-repeating morons like you...

trolling is the real crime here, Umar

digitalmouse

so please stop spouting nonsense you can't back up with facts. the term 'hacking' has been used for a long time to mean 'creative solutions to difficult problems'. it's only the media in the last 30 years who have perpetuated the myth that hacking is *only* for illegal things.

someone who fixes your car with a clothes hanger and rubber band? a hacker.

an astronomer who figures out a better way to control a telescope? a hacker.

solving a crime thought to be impossible to solve? a hacker.

get over it people.

:-)

Anonymous

Hey, dude, you replied to the wrong guy/post... :-)

It is one above.

Good article

Dave H

I've used Wireshark and nmap to look around networks. These days most (cr|h)ackers use something like Metasploit to do the work for them.

jackal

Lovely Jackal

I hadn't come across p0f or nikto before, will check them out.

For viewing tcpdump files Wireshark is quite useful (can also capture them itself of course).

Nice Article

Ewen

I hadn't come across p0f or nikto before, will check them out.

For viewing tcpdump files Wireshark is quite useful (can also capture them itself of course).

Thanks

purencool

I have wondered how I can have a look around new networks that I oversee. p0f and Nmap, I think, are the answer to my problems. Thank you
