External IP address discovery by unauthorized client

[edzzzz]

Hi all, newcomer to this forum and WiFi security in general so advanced apologies for my ignorance.

Is it practically possible for an unauthorized client "sniffing" my network traffic through wireshark for example, to discover my network's external IP address?

Thank you for your time

[mShred]

Well in order to sniff your traffic, he'd have to be on the network. So if you have your network locked up and secured (prolly WPA2), then that'll reduce the possibility right there. Someone within your network could potentially sniff traffic, so you're gonna want to limit their privileges to ensure they can't do anything like that.
But to be honest, I'm not quite sure what you were asking with the whole external IP thing. It isn't hard for one to figure out your external IP. But that said, knowing it won't exactly do much damage either, depending. If you could elaborate more on your questioning as well as give us more detail about your network setup, then we may be able to help more.

[edzzzz]

Thanks for the the quick reply, excuse my incorrect use of terminology, again new to this.

So basically the scenario I was trying to describe is as follows. Someone not connected to my wireless network, but within it's broadcasting range, can launch wireshark (for example) and see packets associated with my network right? Now could that person obtain the external ip address (ie the ip address assigned to my network by my ISP) of my network via packet analysis in wireshark?

[mShred]

Like I said, the person would have to be connected to your wireless network from within the broadcasting range. They won't be able to sniff your internal traffic without being on your network. Although there are ways to sniff passwords from machines connecting to your network (that's all a little more technical). IF the person was connected to your internet, he could be able to find your external IP. The easiest way to do this would be to visit [url]whatismyip.com[/url]. It'll display your external IP, which is the IP that other computers OUTSIDE your network see when connecting to them. Keep in mind that unless you're running a webserver or some kind of server that allows external connections from outside your network, knowing your external IP address won't do much. If you have nothing broadcasting externally, your external IP won't do anything for the attacker.
A better question would be, what are you afraid of? What is it exactly that you're trying to protect?

[edzzzz]

Ah ok great, I understand. So just to confirm, information regarding a network's external IP address is not broadcasted (unencrypted at least)?

My reason for this thread was solely curiosity. I live in Ireland and one of the country's main ISP's is called "eircom". I noticed over the past year that the vast majority of people with this ISP have the same router, namely the "ZyXEL P-660" router. After doing a quick google for zyxel router exploits, I came across this framework http://www.routerpwn.com/#zyxel
where a few, fairly significant exploits are described, although they obviously rely on the IP address of the router, which in turn led me to the question.

So say one was to launch kismet for example, and in turn reveal a WPA secured wireless network possessing this Zyxel router, if they obtained the external IP address, they could execute one of these exploits and acquire access to the router and thus the WPA key...

[limdis]

This is a bit more advanced for beginner wireless hacking methods. Not to bust on mShred but you can sniff and harvest packets without being connected to the target network. Which is why it's critical to not log into anything important at your local coffeshop with free open wifi. I can sit in my car and harvest your logins from outside, and no need for firesheep and worrying about connecting at all. This will limit what you can do, as your can pretty much only just 'watch' what is happening. More on that if you are curious. But as far as getting your global IP address; I'm not 100% sure but I haven't tried either. You can pull local IP's with no problems. So I'll have to do some testing. However, my money is on no, you cant. Not unless a user on the network does something that will broadcast it through the airwaves. Now back to monitoring, airodump, wireshark, etc. if set properly you can harvest anything that passes through the air from a single target. But if those packets are encrypted (ie, wep/wpa2) they are not readable. The attacker will have to crack your encryption pass before decrypting those packets; which isn't that hard to do once you have the key. This can be done without connecting to the network but it will take someone with a lot of patience and self control to not immediately connect and start leeching your internet (ask me about detection later). In the long run, if your network is encrypted and they break your encryption it won't make much of a difference if they get your global IP anyway. If you don't stop them you might as well hand over full access to all your accounts.

[KthProg]

Limdis I have a question related to your response,
Is it possible that somebody's PHP session ID might be passed over the internet unencrypted and be intercepted with something like Wireshark?

[limdis]

I personally haven't looked over an unencrypted network. I'll add that to the list of things to test. Now when performing a mitm attack then getting these can be fairly simple. But you're purposely intercepting at that point rather than monitor harvesting.
In short: I'm not for sure.

[KthProg]

It literally just blew my mind in my CCNA class when I was told that HTTP is plain text lol.
My professor in that class told me that you can set up DHCP client on your computer and intercept other peoples DHCP requests, give them a legitimate IP and become their default gateway, then you'd be able to intercept all of their internet traffic.
Of course, I'm not sure he knows what the hell he's talking about lol.
This and custom packets has been occupying my mind for awhile lol.
Well lemme know if/when you test that.