I tested windump and ethereal
if I understood their operation well, they intercept the packages entering on my PC

but if I want intercetper packages which are not intended to me
for example:
my ip: 66.66.66.66
i want sniff 200.200.200.200 port 21
i don't know user and pass to connect me 200.200.200.200 port 21
I do not have any accesses to 200.200.200.200

is it possible to intercept?
thank you for your lights

If i understand your question correctly... Its not possible.

Im no expert at sniffing, but I think you have to be on the same Local Area Network as the pc you want to sniff. The information you want to sniff is send out to the hub you are both connected to, packets are send with a destination ip in the header, the hub sends the packet to all the pc's connected to the hub, and the computers read the packet head.

If the packet contains the computers ip, it accepts the packet. The sniffer fakes the given ip adress(200.200.200.200) and also accepts the packet.

If its connected to a switch, you have to use a sniffer that uses APR to sniff.

This flash should explain it:
http://www.oxid.it/downloads/apr-intro.swf


Im no expert so please correct me if i got anything wrong:p

you understood my question well
but I remember the history with a government which intercepted all the e-mails with key words like attack terrorism etc...

and I do not think the government controls all the servers e-mail of the world they must thus intercept some share with a sniffer
It is what makes me think that possible

maybe you think of echelon? but thats far from beeing a sniffer run on a puter :)
http://en.wikipedia.org/wiki/ECHELON

to intercept Hertzian waves I do not think that it is quite hard
the waves go from everywhere

but for rope drives, it is not the same thing

"i want sniff 200.200.200.200 port 21" what a request lol, you wanna sniff cocaine so ?

"i want sniff 200.200.200.200 port 21" what a request lol, you wanna sniff cocaine so ?

haha :P


The only way you can sniff a login and pass on 200.200.200.200 is that one of the pcs in your own lan has a user account and password on 200.200.200.200. Then you sniff all his outgoing connections.

Another way is to hack it with any other exploit and get the config file of the ftpd and crack the hashes, or start the sniffer on the hacked pc.

thanks ZoraX
It is well what I feared.
But certain people praise themselves to be able to return anywhere.
I wanted to be sure of their lie.


i want sniff 200.200.200.200 port 21" what a request lol, you wanna sniff cocaine so ?


I'm plied de rire!!!!
:D

hahaha :)
damn sometimes i am silly.. ok!

FYI, Winpcap now offer remote-sniffing capability, you only need to own this box first :P

I am telling you one of my beauty expriences , it may help
long long ago in galaxy far :p
here we still use dial up so we need a user and pass and we should buy it and it needs money of course which I never had . I needed some passwd to stay on the net so I searched for a weak isp . I found one with their accounting system online after their router so I was "not" on the lan , all I did was exploiting the http server on the cisco router behind the accounting system after that I put some backdoors there to copy packets into a log file , yea dont doubt I ripped many passwds and I was free for like 3 months :p
Dosing an internet router can be a trouble but hack a router on the net can cause a very big trouble and no need to be on the lan itself a user on the lan may use the internet and a router connecting lan to the internet is present .
any just wanted to tell a simple example :/

dialup ? what is this ? HAAAAA yeah I remember now ;DDDDD LOL

How work WinCAP?

hmm... Maybe you can Sniff other networks witch are not connected to you withe the power of your mind... just concentrate... feel the packages man !

*hrhr*

now serious, i think this is impossible.

How work WinCAP?


im guessing ur talking about WinPcap ??
a quick google search got me to the homepage:
http://www.winpcap.org/


In here there are documents and faq..

so i guess the answer to the question is: RTFM!!!

(and always google it before you ask!)