onedayillpay

ettercap

12 posts in this topic

So i have been playing around on my network with ettercap on backtrack2(not the gui). its a simple program and i think i have masterd it, I got 2 desk tops and want to learn more but not sure what to do next. so what els is fun and easy?

0

Share this post


Link to post
Share on other sites

Have a look at filters in ettercap for redirection. Irongeek did a video about it.

0

Share this post


Link to post
Share on other sites

You could play around with tcpdump and tcpreplay.

0

Share this post


Link to post
Share on other sites
You could play around with tcpdump and tcpreplay.

so ill make a pcaplog with ettercap then test out tcpreplay.

edit: doesn't ettercap have a real time replay plug in. I was already playing with that and it works like a charm. or is this a different umm thing.. lol

Edited by onedayillpay
0

Share this post


Link to post
Share on other sites

Im playing around with some basice commands with tcpreplay.

I used ettercap to make a 'logfile.pcap' of the target computer,on the target computer ii visited a ffew web sites google.com,binrev.com, etc...

so then i used tcpreplay to test out this pcap file

bt ~ # tcpreplay --topspeed --intf1=eth0 logfile.pcap
sending out eth0
processing file: login.pcap
bt ~ #

im trying to understand what is going on please corect me.

basically right as i tcpreplay logfile.pcap the packets are being sent out and recived as if the target computer is connecting with google.com and binrev.com?

kinda of like a remote packet controle(lame turm)?

i hope you understand what im trying to say and that you guys can correct me.

Edit: Ok so i have been doing some test and yes right after you tcpreplay a pcap file, the packets are sent out.

Edited by onedayillpay
0

Share this post


Link to post
Share on other sites

http://download.sysinternals.com/Files/ProcessExplorer.zip <-- just for example/test

I made a pcap log of the packets that were sent and recived during the process of downloading this file.

then i used tcpreplay to launch the packets.

After "tcpreplay --topspeed --intf1=eth0 test.pcap" shouldnt the target computer be prompet with a window asking for permission to download the file? just as if you were to click on this link?

Or should i test with something other then Urls.

0

Share this post


Link to post
Share on other sites
http://download.sysinternals.com/Files/ProcessExplorer.zip <-- just for example/test

I made a pcap log of the packets that were sent and recived during the process of downloading this file.

then i used tcpreplay to launch the packets.

After "tcpreplay --topspeed --intf1=eth0 test.pcap" shouldnt the target computer be prompet with a window asking for permission to download the file? just as if you were to click on this link?

Or should i test with something other then Urls.

Were these questions understandable?
0

Share this post


Link to post
Share on other sites

No. Even though you're replaying packets, the client machine hasn't initiated a connection, so it's not going to play along like that. Sniff while you replay, and you'll probably notice that if the client does see the traffic, it'll respond with RSTs.

0

Share this post


Link to post
Share on other sites
No. Even though you're replaying packets, the client machine hasn't initiated a connection, so it's not going to play along like that. Sniff while you replay, and you'll probably notice that if the client does see the traffic, it'll respond with RSTs.

i was sniffing as i replayed and i get the same response threw ettercap as if the client did click on the link. but if i was to check "netstat -a" or my firewall logs ill see know connection. It was a mis understanding.

http://tcpreplay.synfin.net/trac/wiki/usage#UsageExamples

This link had me in the understanding that you could do what i was trying to.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now