Bugger

MITM for windows!?

15 posts in this topic

Well, I've been poking around with Cain&Abel in Windows to apply MITM and all...

It's working great and all but it can't handle networks with a lot of computers properly (Well, that's my laptop's case... First generation of Centrino :P)...

So I've been wondering if there's any other software that does something similar under Windows...


Either find a way to mirror a port on the switch so you don't HAVE to ARP spoof or choose fewer targets.

You probably are successfully DOSing your targets btw and I would guess they could be on to you pretty soon.

I honestly don't see any legit reason for arp cache poisoning in the first place unless you are doing something unconstitutional.

Edited by eth0s

> Well, I've been poking around with Cain&Abel in Windows to apply MITM and all...
>
> It's working great and all but it can't handle networks with a lot of computers properly (Well, that's my laptop's case... First generation of Centrino :P)...
>
> So I've been wondering if there's any other software that does something similar under Windows...

what my point is that cos i have been using Ethereal and Cain for just some time and when you look at the files generated by Cain and that by Ethereal... they seem to be pretty much similar ^_^

so you can use any of them i guess...

even other software will consume same kind of memory cycles :P


Ettercap is less memory-consuming, (not to speak of when used without the GUI :)).

Cain is sometimes heavy.


I believe the issue isn't necessarily processing threads but collisions. When you poison the ARP cache of a dozen or so ports to all send through one port to and from a single computer (MITM) you essentially merge all separate collision domains into one. Switches were designed to handle collision domains by moving packets on individual ports instead of all ports like hubs do. I'd be willing to bet the problem is excessive colliding packets which is causing a cascading failure and DOSing the target machines, if not severely limiting their throughput.

Edited by eth0s

> Don't you mean ettercap? :)

no i meant Wireshark !!

basically Ethereal was an old name and Wireshark is its new name !!

ettercap can be used for various other purposes too !!


Ethereal / Wireshark can only act as a sniffer.

In most cases when initiating an MITM attack, you'll need to send some requests along to the victim and the server (i.e. ARP).

This can be done by hand, using terminal commands, or with a Wireshark plugin, but generally I prefer ettercap for these purposes.


ettercap and cain are tools for arp cache poisoning. (MITM)

ethereal/wireshark and tcpdump are just packet sniffers.

But I'm sure you know this.

Edited by eth0s

> ettercap and cain are tools for arp cache poisoning. (MITM)
>
> ethereal/wireshark and tcpdump are just packet sniffers.
>
> But I'm sure you know this.

yea i was having the same convention about ettercap.

just that i have personally never tried ettercap... instead used cain and wireshark to sniff packets...

but ettercap i know for sure that can be also used for phishing attacks too....

i think that cain can't be !!

correct me if i am right :):D


It's been a while since I've used Cain but from what I remember ettercap is far superior, however both have their advantages. Cain is easy to set up and has a lot of nice tools built in whereas ettercap has some really awesome plugins and lets you alter the packets that are coming through your machine. Check out Irongeek's video on ettercap filters.

Saying this, I have found ettercap to be slightly unstable on Windows so I would suggest either running it on Linux (check out something like BackTrack if you don't want to install) or sticking with Cain & Abel.

0

Share this post


Link to post
Share on other sites
