HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 12
Refer to Inserting a Repeater
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 12 highlights
a given port number. As the Ethernet switch learns about which devices are on which ports, it can forward the traffic to those specific ports and not bother stations on other ports. So, what does the difference between an Ethernet repeater and an Ethernet switch have to do with anything? Well, based upon the description, we know if we are going to be listening into an Ethernet conversation, it would be easiest if the device of interest was connected to an Ethernet repeater. The next question is: What tool listens to Ethernet Conversations? One of the most useful tools that can be downloaded from the Internet for free is Wireshark (previously known as Ethereal). Wireshark is a network sniffer - it listens to network conversations (Ethernet as well as other networking types) just like a paranoid parent would listen to their teenager's conversation. Referring back to Figure 7 - Networking Model, we see that a workgroup switch is in use. While we could use Wireshark to listen in to an Ethernet conversation in this model, it would be like a parent trying to listen to a teenager on the phone but not being on the right phone line - we probably wouldn't hear anything. Our attacker Jane did a little reading on the Internet about Switches versus Repeaters. She knew that in order to listen to an Ethernet conversation the MFP was having in the secured room, she would need to somehow put an Ethernet repeater on the network. Amazingly, she discovered that the workgroup switches were out in the open on the floor she worked on. They had a small cubical door with a lock on it, but Jane being the athletic type could easily jump it and install a hub after hours. After all, Jane put in some late hours with this company and at times, she was the only one on her floor. One night, Jane jumped the little locked door and looked at the switch. There must have been fifty cables connected to it! Which one was the MFP? Then, Jane noticed that they were all labeled with some obscure numbers where one portion seemed to increment sequentially. For example, one cable was labeled B3-1572D and the next was B3-1573D. The next question was - what cable was connected to the MFP? If she had access to the MFP room, she could have just checked the label, but she didn't have access to the room. Jane noticed that the network connections in her cubical had a similar naming scheme. On a sudden insight, she went to all the conference rooms on her floor and wrote down the labeling that appeared on each of their network connections to the room. Through deductive reasoning, she calculated the labels for the Secured MFP room. Jane knew that if she connected her cubical connection and the Secure Room connection on an Ethernet Repeater, then connected the Repeater to the existing workgroup switch, there would be no loss of connectivity and she would be able to listen to Ethernet conversations to and from the MFP using Wireshark. Then she thought a minute - what if the repeater was discovered? Having her cubical connected to it would be a dead giveaway that she was the culprit. Better to connect an open conference room to it and then watch for opportunities to capture Ethernet conversations. Working late one night, Jane installed the Ethernet repeater by connecting the Secured MFP room and an open conference room together on the same repeater, then connecting the repeater back to the switch. Refer to Figure 10 - Inserting a Repeater 12