Ethereal


Post by w1tchdoctor »

hey I need a little help with Ethereal... Not that I would do this, but if I wanted to trap passwords going through a specific server... how would I go about that? Thanks....
Everything has an end; only the sausage has two...


Post by bad_brain »

well, Ethereal wouldn't be the right tool for this... :wink:
it captures the packets in promiscuous mode which pass your network card, so you would have to be a member of the same physical network as the target.
the kind of attack you describe is the man-in-the-middle attack, you kinda hijack the connection between 2 hosts by IP/ARP spoofing.
Ettercap is the classic tool for this:
http://www.xatrix.org/dload.php?id=18

if you want to experiment with this program do it in your private network to stay away from trouble, because at least advanced knowledge about networking is inevitable... :wink:
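Added example, not part of the thread: seen from the defending side, the ARP spoofing mentioned in the post above shows up as an IP address (typically the gateway) whose MAC address suddenly changes, or as one MAC answering for several IPs. The sketch below checks a list of observed ARP replies for both signs; the addresses and the function name `find_arp_conflicts` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on a LAN: (time, sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway
    (2.0, "192.168.1.20", "AA:BB:CC:00:00:20"),
    (3.0, "192.168.1.30", "aa:bb:cc:00:00:30"),
    (9.0, "192.168.1.1", "aa:bb:cc:00:00:30"),   # gateway IP now answered by .30's MAC
    (9.5, "192.168.1.1", "aa:bb:cc:00:00:30"),   # repeat of the same claim
    (10.0, "192.168.1.20", "aa:bb:cc:00:00:20"),  # same host, different letter case
]


def find_arp_conflicts(replies):
    """Return alerts for IPs whose MAC changed and MACs answering for several IPs.

    Either can be legitimate (DHCP reuse, a replaced NIC, router failover),
    so alerts are leads to check, not proof of spoofing.
    """
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()           # normalise so case differences do not alert
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "ip-moved", ip, previous, mac))
        if mac_to_ips[mac] and ip not in mac_to_ips[mac]:
            alerts.append((ts, "mac-multi-ip", mac, sorted(mac_to_ips[mac] | {ip})))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```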


Post by w1tchdoctor »

yeah I am talking about my own network anyways...but I'll try to use the other one.....

Post by w1tchdoctor »

okay...I am so confused as to how to use Ettercap it's not even funny...a little help would be much appreciated....thanks

Post by bad_brain »

hm, well, if you want to use it in your local network Ethereal is ok too, and it's easier to handle than Ettercap. you can't run a man-in-the-middle attack with it, but in your local net there's no need to do it anyway.
to sniff the traffic you simply have to set the interface you want to use (network card) and then hit capture. when you're done with capturing you can view all packets that have been sent through the network, but be warned, it'll be a LOT! but you can set filters, UDP and ICMP packets don't need to be logged for example (for your purposes)... :wink:


Post by Lyecdevf »

I also thought that I could use ethereal as a man-in-the-middle attack. I have downloaded Ettercap and I am as well unaware of how to use it.

I have looked at some tutorials but they did not really help out. I was wondering whether you do a whois search about who the target is connected with and with whom it is interchanging data and somehow put those IPs...


Post by Stavros »

A while back, bad_brain, CircuitB0mB, Maboroshi and maybe someone else got together in a Yahoo chat and bad_brain showed us the basics of Ethereal.

I think what you're looking for is a packet editor. Bad_brain will have to verify this, since I haven't messed with a packet editor, but it sounds like that's what you want in addition to using Ethereal.


Post by Lyecdevf »

I need something to use as a man-in-the-middle attack. As I understand Ettercap is for that.

It is not simple to use and I guess it will take some time. I have already looked at some tutorials but have not gathered anything from them.


Well

Post by maboroshi »

I would suggest typing ettercap -h at the prompt for info on how to use it


Post by Lyecdevf »

Some webmaster said that if I contact someone via MSN Messenger or use voice mail that Ethereal would pick up packets and mark them with orange, blue and some other colorful arrows. What do you think about that?

I tried typing in that but I do not see what that would do. I do not have at least to my knowledge a tutorial on ettercap in my computer.


Ethereal

Post by DNR »

Use Ethereal, it is easier to use. Yes, it has pretty colors; those can be explained under VIEW>COLORING RULES.
You can also use the ANALYZE>EXPERT INFO tabs too.
Run Ethereal on your own box, work with one program at a time like AIM, MSN, Yahoo, etc. Log in to your email account. Then play back the packet sniffer. I also recommend a cookie decoder like Foundstone's cookie digger. Both of those can help you figure out how the internet works.
Continue to search for reading material and discussion groups on Ethereal.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.


Post by bad_brain »

you can also use the filters to display only the packets you are looking for....you just have to find out what kind of protocol MSN is using and then enter it in the filter bar when you have captured traffic (of course Ethereal has to support this protocol, else you can do it with other parameters like packet size for example if MSN packets have a special size).
there are a lot of options, make sure to check the Ethereal manual, it's very good....and if you have a home network play around a little by sending different packets like ICMP ones (ping) for example, capture and analyze them, you can learn much about networking basics in doing so...:wink:
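Added example, not part of the thread: the filtering described in the posts above (drop UDP and ICMP, keep the rest) works because every IPv4 header carries a one-byte protocol number. The sketch below reads a classic pcap capture, labels each packet by that byte, and applies the same filter as a display filter such as `!(udp || icmp)`; the capture is constructed inline (header-only packets, made-up addresses) and the function names are illustrative.

```python
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}   # IANA IP protocol numbers


def build_sample_pcap():
    """Constructed capture: one ICMP, one UDP and two TCP packets (headers only)."""
    # Global header: magic, version 2.4, tz, sigfigs, snaplen, link type 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, proto in enumerate([1, 17, 6, 6]):
        eth = bytes(12) + b"\x08\x00"            # zeroed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, n, 0, 64, proto, 0,
                         bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
        frame = eth + ip                         # checksum left at 0, not validated here
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out


def read_packets(data):
    """Yield (timestamp_seconds, protocol_name) for each IPv4-over-Ethernet record."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"                             # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        ts, _usec, incl, _orig = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                             # truncated record or not IPv4
        proto = frame[14 + 9]                    # protocol byte of the IPv4 header
        yield ts, PROTO_NAMES.get(proto, str(proto))


def filter_out(packets, drop=("udp", "icmp")):
    """Keep only packets whose protocol is not in `drop`."""
    return [p for p in packets if p[1] not in drop]


if __name__ == "__main__":
    print(filter_out(read_packets(build_sample_pcap())))
```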
