sagarun

Ettercap good as cain?

7 posts in this topic

I am using Fedora Core 9 and installed ettercap (ettercap-gtk) there. I scanned the network for hosts and it listed a bunch of hosts alive on the network, then I performed MITM on some machines and started sniffing...

When I saw the statistics, it kept updating the info and showed some packets were received (interesting packets, and a lot)... but I am wondering where these packets are stored, or whether I have to manually store and analyze these packets?

With Cain we can perform MITM on machines and get their session hashes and crack them with the inbuilt cracker... I want to do a similar activity with ettercap, please tell me how to do that?


Ettercap is just as capable as Cain as a password sniffer. However, ettercap is not as automated/simple as Cain is.


I want to know, where are the captured packets stored? How to analyse them?

I want to know, where are the captured packets stored? How to analyse them?

Use the -w switch and specify a file name and they will be written there, so you can pull them up in like Wireshark or some other pcap viewer.

-E

I want to know, where are the captured packets stored? How to analyse them?

Use the -w switch and specify a file name and they will be written there, so you can pull them up in like Wireshark or some other pcap viewer.

-E

Thanks Enigma, I used Wireshark to analyze the pcap file :)

It lists several protocols and corresponding captured messages... How can I find captured Windows session hashes or LM hashes from them? Are there any other pcap viewers other than Wireshark? Or are there any automated password extractors available to extract passwords from the pcap file? Please give me a knowledge base article regarding ettercap and packet analysis...


I prefer ettercap to Cain purely 'cause it's scriptable and you can write your own filters.

I'm not sure if Cain has SSH2 downgrade as well, which is the foshizzle.

Thanks Enigma, I used Wireshark to analyze the pcap file :)

It lists several protocols and corresponding captured messages... How can I find captured Windows session hashes or LM hashes from them? Are there any other pcap viewers other than Wireshark? Or are there any automated password extractors available to extract passwords from the pcap file? Please give me a knowledge base article regarding ettercap and packet analysis...

You should be able to find a filter for the things you're looking for. I believe Irongeek did a video on Wireshark filters a while back.

-E
