
MITM for windows!?


14 replies to this topic

#1 Bugger

Bugger

    H4x0r

  • Members
  • 38 posts

Posted 22 April 2009 - 08:14 AM

Well, I've been poking around with Cain&Abel in Windows to apply MITM and all...

It's working great and all but it can't handle networks with a lot of computers properly (Well, that's my laptop's case... First generation of Centrino :P)...



So I've been wondering if there's any other software that does something similar under Windows...

#2 WhatChout

WhatChout

    Dangerous free thinker

  • Members
  • 814 posts

Posted 22 April 2009 - 10:13 AM

There is no software capable of adding cycles to your CPU.

#3 eth0s

eth0s

    HACK THE PLANET!

  • Members
  • 63 posts
  • Location:Seattle

Posted 22 April 2009 - 12:45 PM

Either find a way to mirror a port on the switch so you don't HAVE to ARP spoof or choose fewer targets.

You probably are successfully DOSing your targets btw and I would guess they could be on to you pretty soon.

I honestly don't see any legit reason for arp cache poisoning in the first place unless you are doing something unconstitutional.

Edited by eth0s, 22 April 2009 - 12:47 PM.


#4 operat0r

operat0r

    Dangerous free thinker

  • Members
  • 793 posts
  • Location:ops

Posted 22 April 2009 - 01:19 PM

FYI ettercap sort of works for Windows

#5 Crab234

Crab234

    DDP Fan club member

  • Members
  • 51 posts

Posted 23 April 2009 - 07:38 PM

Maybe you should try Ettercap NG.
http://sourceforge.n...lease_id=269408

#6 xetan

xetan

    H4x0r

  • Members
  • 34 posts
  • Location:india

Posted 26 April 2009 - 08:09 AM

seems that Ethereal and Cain and Abel work the same !! :roll:

#7 xetan

xetan

    H4x0r

  • Members
  • 34 posts
  • Location:india

Posted 26 April 2009 - 08:12 AM

Well, I've been poking around with Cain&Abel in Windows to apply MITM and all...

It's working great and all but it can't handle networks with a lot of computers properly (Well, that's my laptop's case... First generation of Centrino :P)...



So I've been wondering if there's any other software that does something similar under Windows...



my point is that I have been using Ethereal and Cain for just some time, and when you look at the files generated by Cain and those by Ethereal... they seem to be pretty much similar ^_^

so you can use any of them I guess...
even other software will consume the same kind of memory cycles :P

#8 eth0s

eth0s

    HACK THE PLANET!

  • Members
  • 63 posts
  • Location:Seattle

Posted 26 April 2009 - 03:57 PM

Don't you mean ettercap? :)

#9 Crab234

Crab234

    DDP Fan club member

  • Members
  • 51 posts

Posted 26 April 2009 - 04:06 PM

Ettercap is less memory-consuming, (not to speak of when used without the GUI :)).
Cain is sometimes heavy.

#10 eth0s

eth0s

    HACK THE PLANET!

  • Members
  • 63 posts
  • Location:Seattle

Posted 27 April 2009 - 06:17 PM

I believe the issue isn't necessarily processing threads but collisions. When you poison the ARP cache of a dozen or so ports to all send through one port to and from a single computer (MITM) you essentially merge all separate collision domains into one. Switches were designed to handle collision domains by moving packets on individual ports instead of all ports like hubs do. I'd be willing to bet the problem is excessive colliding packets which is causing a cascading failure and DOSing the target machines, if not severely limiting their throughput.

Edited by eth0s, 27 April 2009 - 06:18 PM.


#11 xetan

xetan

    H4x0r

  • Members
  • 34 posts
  • Location:india

Posted 28 April 2009 - 09:43 AM

Don't you mean ettercap? :)

no I meant Wireshark !!
basically Ethereal was an old name and Wireshark is its new name !!
ettercap can be used for various other purposes too !!

#12 Crab234

Crab234

    DDP Fan club member

  • Members
  • 51 posts

Posted 28 April 2009 - 10:33 AM

Ethereal / Wireshark can only act as a sniffer.
In most cases when initiating an MITM attack, you'll need to send some requests along to the victim and the server (i.e. ARP).
This can be done by hand, using terminal commands, or with a Wireshark plugin, but generally I prefer ettercap for these purposes.

#13 eth0s

eth0s

    HACK THE PLANET!

  • Members
  • 63 posts
  • Location:Seattle

Posted 28 April 2009 - 12:35 PM

ettercap and cain are tools for arp cache poisoning. (MITM)
ethereal/wireshark and tcpdump are just packet sniffers.
But I'm sure you know this.

Edited by eth0s, 28 April 2009 - 12:36 PM.


#14 xetan

xetan

    H4x0r

  • Members
  • 34 posts
  • Location:india

Posted 30 April 2009 - 04:03 PM

ettercap and cain are tools for arp cache poisoning. (MITM)
ethereal/wireshark and tcpdump are just packet sniffers.
But I'm sure you know this.

yea I was having the same convention about ettercap.
just that I have personally never tried ettercap... instead used Cain and Wireshark to sniff packets...
but ettercap I know for sure can also be used for phishing attacks too....

i think that cain can't be !!

correct me if i am right :) :D

#15 phr34kc0der

phr34kc0der

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 468 posts
  • Country:
  • Gender:Male

Posted 30 April 2009 - 04:39 PM

It's been a while since I've used Cain but from what I remember ettercap is far superior, however both have their advantages. Cain is easy to set up and has a lot of nice tools built in whereas ettercap has some really awesome plugins and lets you alter the packets that are coming through your machine. Check out Irongeek's video on ettercap filters

Saying this, I have found ettercap to be slightly unstable on Windows so I would suggest either running it on Linux (check out something like BackTrack if you don't want to install) or sticking with Cain & Abel



