
ettercap


11 replies to this topic

#1 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 06 November 2007 - 03:22 PM

So I have been playing around on my network with ettercap on BackTrack 2 (not the GUI). It's a simple program and I think I have mastered it. I got 2 desktops and want to learn more but not sure what to do next. So what else is fun and easy?

#2 Uncue

Uncue

    SCRiPT KiDDie

  • Members
  • 25 posts
  • Location:Raleigh, NC

Posted 06 November 2007 - 04:26 PM

arp poisoning

#3 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 06 November 2007 - 05:02 PM

arp poisoning


I read this a few days ago. I understand the concept.

#4 Gregor

Gregor

    elite

  • Members
  • 109 posts

Posted 06 November 2007 - 05:15 PM

Have a look at filters in ettercap for redirection. Irongeek did a video about it.

#5 m3747r0n

m3747r0n

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 400 posts
  • Gender:Male
  • Location:164.225.0.0

Posted 06 November 2007 - 05:20 PM

You could play around with tcpdump and tcpreplay.

#6 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 06 November 2007 - 05:42 PM

You could play around with tcpdump and tcpreplay.

So I'll make a pcap log with ettercap, then test out tcpreplay.
Edit: doesn't ettercap have a real-time replay plugin? I was already playing with that and it works like a charm. Or is this a different, umm, thing... lol

Edited by onedayillpay, 06 November 2007 - 05:46 PM.


#7 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 06 November 2007 - 06:06 PM

http://tcpreplay.syn.../wiki/tcpreplay
Some good examples of tcpreplay.

Edited by onedayillpay, 06 November 2007 - 06:12 PM.


#8 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 06 November 2007 - 08:25 PM

I'm playing around with some basic commands with tcpreplay.
I used ettercap to make a 'logfile.pcap' of the target computer; on the target computer I visited a few web sites: google.com, binrev.com, etc...
So then I used tcpreplay to test out this pcap file:
bt ~ # tcpreplay --topspeed --intf1=eth0 logfile.pcap
sending out eth0
processing file: login.pcap
bt ~ #
I'm trying to understand what is going on, please correct me.
Basically, right as I tcpreplay logfile.pcap, the packets are being sent out and received as if the target computer is connecting with google.com and binrev.com?
Kind of like a remote packet control (lame term)?
I hope you understand what I'm trying to say and that you guys can correct me.

Edit: OK, so I have been doing some tests and yes, right after you tcpreplay a pcap file, the packets are sent out.

Edited by onedayillpay, 06 November 2007 - 10:00 PM.


#9 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 07 November 2007 - 08:55 PM

http://download.sysi...essExplorer.zip <-- just for example/test
I made a pcap log of the packets that were sent and received during the process of downloading this file.
Then I used tcpreplay to launch the packets.
After "tcpreplay --topspeed --intf1=eth0 test.pcap" shouldn't the target computer be prompted with a window asking for permission to download the file? Just as if you were to click on this link?
Or should I test with something other than URLs?

#10 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 08 November 2007 - 07:47 AM

http://download.sysi...essExplorer.zip <-- just for example/test
I made a pcap log of the packets that were sent and received during the process of downloading this file.
Then I used tcpreplay to launch the packets.
After "tcpreplay --topspeed --intf1=eth0 test.pcap" shouldn't the target computer be prompted with a window asking for permission to download the file? Just as if you were to click on this link?
Or should I test with something other than URLs?

Were these questions understandable?

#11 McGrewSecurity

McGrewSecurity

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 338 posts
  • Location:Starkville, MS

Posted 08 November 2007 - 08:28 AM

No. Even though you're replaying packets, the client machine hasn't initiated a connection, so it's not going to play along like that. Sniff while you replay, and you'll probably notice that if the client does see the traffic, it'll respond with RSTs.
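
The behaviour described in post #11, as an added example that is not part of the original thread: a toy TCP endpoint (the `Client` class, addresses and sequence numbers are constructed for illustration) applying the RFC 793 rule for segments that match no connection. Replaying the server half of a capture at a client that never sent a SYN yields only RSTs; the same segments are accepted only when the client opened the connection itself with the matching sequence number.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str            # "ip:port" of sender
    dst: str            # "ip:port" of receiver
    flags: frozenset    # subset of {"SYN", "ACK", "RST", "FIN"}
    seq: int = 0
    ack: int = 0
    length: int = 0     # payload bytes

def closed_state_reply(seg):
    """RFC 793 reply to a segment that matches no existing connection."""
    if "RST" in seg.flags:
        return None                      # never answer a RST with a RST
    if "ACK" in seg.flags:
        return Segment(seg.dst, seg.src, frozenset({"RST"}), seq=seg.ack)
    seg_len = seg.length + ("SYN" in seg.flags) + ("FIN" in seg.flags)
    return Segment(seg.dst, seg.src, frozenset({"RST", "ACK"}), ack=seg.seq + seg_len)

class Client:
    """Toy endpoint (no window checks): only talks on connections it opened."""
    def __init__(self):
        self.syn_sent = {}               # (local, remote) -> our initial seq number
        self.established = set()
    def connect(self, local, remote, iss):
        self.syn_sent[(local, remote)] = iss
        return Segment(local, remote, frozenset({"SYN"}), seq=iss)
    def receive(self, seg):
        key = (seg.dst, seg.src)
        if key in self.established:
            return None                  # data handed to the application
        iss = self.syn_sent.get(key)
        if iss is not None and seg.flags == {"SYN", "ACK"} and seg.ack == iss + 1:
            del self.syn_sent[key]
            self.established.add(key)
            return Segment(seg.dst, seg.src, frozenset({"ACK"}),
                           seq=seg.ack, ack=seg.seq + 1)
        return closed_state_reply(seg)   # no matching state: reset

# Constructed capture: the server half of an earlier HTTP download.
C, S = "192.0.2.10:49152", "198.51.100.7:80"
CAPTURE = [
    Segment(S, C, frozenset({"SYN", "ACK"}), seq=5000, ack=1001),
    Segment(S, C, frozenset({"ACK"}), seq=5001, ack=1101, length=512),
]

def replay(client, capture):
    """Feed each captured segment to the client and collect its replies."""
    return [client.receive(seg) for seg in capture]
```
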

#12 onedayillpay

onedayillpay

    DDP Fan club member

  • Banned
  • 49 posts

Posted 08 November 2007 - 03:57 PM

No. Even though you're replaying packets, the client machine hasn't initiated a connection, so it's not going to play along like that. Sniff while you replay, and you'll probably notice that if the client does see the traffic, it'll respond with RSTs.

I was sniffing as I replayed and I get the same response through ettercap as if the client did click on the link. But if I was to check "netstat -a" or my firewall logs I'll see no connection. It was a misunderstanding.
http://tcpreplay.syn...e#UsageExamples
This link had me in the understanding that you could do what I was trying to.



