05-26-2005   #17
Hiro_
Registered Member
 
Join Date: Apr 2005
Location: Gothenburg, Sweden
Posts: 16
Sniffing a switched network (Windows)

Ok, so I've been playing around with ARP Poisoning a bit now but can't seem to find an app that suits me.

I installed EttercapNG (ported to Windows) but found it hard to use. I found poisoning the victims easy with the user-friendly interface. Sniffing seemed to work fine (but I couldn't find a way to make sure). Then I realized that EttercapNG actually uses its own file format(?), *.eci and *.ecp, and not the common *.pcap format. This sucked, since I was then forced to use a text-based tool (Etterlog) in DOS mode to view the file and wasn't able to use the all-powerful Ethereal :/

Cain & Abel v2.69 worked much easier but seemed unstable. After poisoning my workstation and router I was able to do man-in-the-middle attacks from my laptop. I did a test run and tried to log on to my router from my workstation. I got to the logon screen, tried to log on, sent the request. Cain & Abel seemed to pick up the username and password just fine... then my laptop (running Cain) blue dumped and my workstation never managed to bring up the HTML site that the router should have generated. I guess that my router and my workstation were still poisoned, since all traffic between them ceased to work. The only way around was to reboot both.

1. If I used any software to ARP poison my network, could I then use another sniffer software that normally just works in promiscuous mode, say Ethereal, for man-in-the-middle sniffing?

2. What software would be appropriate?

3. Anybody got an idea why my Cain session crashed?

4. Anybody know an app for viewing the EttercapNG capture?

Thanks // Hiro_