I am using fedora core 9 and installed ettercap (ettercap-gtk)there, i scanned the network for hosts and it listed a bunch of hosts alive on the network,then i performed MITM on some machines and started sniffing......
When i saw the statistics, it kept updating the info and showed some packets where received (interesting packets and a lot)...but i am wondering where these packets are stored or whether i have to manually store and analyze these packets?
With cain we can perform MITM on machines and get their session hashes an crack them with the inbuild cracker..........i want to do the similar activity with ettercap please tell me how to do that ?
Ettercap good as cain?
Started by
SAGA
, Aug 28 2008 11:19 AM
6 replies to this topic
#2
xof7
-
- Members
-
- 558 posts
Hakker addict
- Location:Spokane, Washington
Posted 28 August 2008 - 12:53 PM
Ettercap is just as capabale as Cain as a password sniffer. However ettercap is not as automated/simple as Cain is.
#3
SAGA
-
- Members
-
- 175 posts
SUP3R 31337
- Location:India
Posted 30 August 2008 - 10:40 PM
I want to know, where's the captured packets are stored? how to analyse them?
#4
Enigma
-
- Moderating Team
-
- 839 posts
HPR Overlord
-
Country:
- Gender:Male
- Location:Florida
Posted 31 August 2008 - 12:31 AM
I want to know, where's the captured packets are stored? how to analyse them?
use the -w switch and specify a file name and they will be written there so you can pull them up in like wireshark or some other pcap viewer
-E
#5
SAGA
-
- Members
-
- 175 posts
SUP3R 31337
- Location:India
Posted 31 August 2008 - 07:47 AM
I want to know, where's the captured packets are stored? how to analyse them?
use the -w switch and specify a file name and they will be written there so you can pull them up in like wireshark or some other pcap viewer
-E
Thanks Enigma, i used wireshark to analyze the pcap file
It lists several protocols and corresponding captured messages...How can i find captured windows session hashes or LM hashes from them? Is there any other pcap viewers other than wireshark? Or is there any automated password extractors available to extract passwords from the pcap file? Please Give me a knowledge base article regarding ettercap and packet analysis......
#6
thecowman
-
- Members
-
- 22 posts
SCRiPT KiDDie
Posted 31 August 2008 - 08:19 AM
i prefer ettercap to cain purely cause its scriptable and you can write your own filters
im not sure if cain has ssh2 downgrade as well which is the foshizzle
im not sure if cain has ssh2 downgrade as well which is the foshizzle
#7
Enigma
-
- Moderating Team
-
- 839 posts
HPR Overlord
-
Country:
- Gender:Male
- Location:Florida
Posted 31 August 2008 - 07:46 PM
Thanks Enigma, i used wireshark to analyze the pcap file
It lists several protocols and corresponding captured messages...How can i find captured windows session hashes or LM hashes from them? Is there any other pcap viewers other than wireshark? Or is there any automated password extractors available to extract passwords from the pcap file? Please Give me a knowledge base article regarding ettercap and packet analysis......
you should be able to find a filter for the things your looking for i believe irongeek did a video on wireshark filters a while back
-E
BinRev is hosted by the great people at Lunarpages!
