
Ettercap good as cain?


6 replies to this topic

#1 SAGA

Posted 28 August 2008 - 11:19 AM

I am using Fedora Core 9 and installed ettercap (ettercap-gtk) there. I scanned the network for hosts and it listed a bunch of hosts alive on the network, then I performed MITM on some machines and started sniffing...

When I saw the statistics, it kept updating the info and showed some packets were received (interesting packets, and a lot)... but I am wondering where these packets are stored, or whether I have to manually store and analyze these packets?

With Cain we can perform MITM on machines and get their session hashes and crack them with the inbuilt cracker... I want to do the similar activity with ettercap, please tell me how to do that?

#2 xof7

Posted 28 August 2008 - 12:53 PM

Ettercap is just as capable as Cain as a password sniffer. However, ettercap is not as automated/simple as Cain is.

#3 SAGA

Posted 30 August 2008 - 10:40 PM

I want to know where the captured packets are stored. How do I analyse them?

#4 Enigma

Posted 31 August 2008 - 12:31 AM

I want to know where the captured packets are stored. How do I analyse them?

Use the -w switch and specify a file name and they will be written there, so you can pull them up in like Wireshark or some other pcap viewer.


-E

#5 SAGA

Posted 31 August 2008 - 07:47 AM

I want to know where the captured packets are stored. How do I analyse them?

Use the -w switch and specify a file name and they will be written there, so you can pull them up in like Wireshark or some other pcap viewer.


-E


Thanks Enigma, I used Wireshark to analyze the pcap file :)
It lists several protocols and corresponding captured messages... How can I find captured Windows session hashes or LM hashes from them? Are there any other pcap viewers other than Wireshark? Or are there any automated password extractors available to extract passwords from the pcap file? Please give me a knowledge base article regarding ettercap and packet analysis...

#6 thecowman

Posted 31 August 2008 - 08:19 AM

I prefer ettercap to Cain purely because it's scriptable and you can write your own filters.
I'm not sure if Cain has SSH2 downgrade as well, which is the foshizzle.

#7 Enigma

Posted 31 August 2008 - 07:46 PM

Thanks Enigma, I used Wireshark to analyze the pcap file :)
It lists several protocols and corresponding captured messages... How can I find captured Windows session hashes or LM hashes from them? Are there any other pcap viewers other than Wireshark? Or are there any automated password extractors available to extract passwords from the pcap file? Please give me a knowledge base article regarding ettercap and packet analysis...



You should be able to find a filter for the things you're looking for. I believe Irongeek did a video on Wireshark filters a while back.

-E



