Windows based sniffer - Page 2

arsham11 · 05-07-2004

After spending much time on this, the only realiable packet capture tools under windows platform seem to be commercial tools such as AiropeekNX! The other free tools are not optimized for 802.11 networks, but they can work just fine for IP based WLANs which DON'T use WEP. But they still do need the correct driver for hermes chipset which is only available with AiropeekNX. So what you can do is download the Airopeek Demo version and use the driver included with this tool.
Using this method all the WinPCap based tools work just fine!
I have included this topic in more detail in my thesis available at http://wifi.arsham.net .

Hiro_ · 05-26-2005

Ok, so I've been playing around with ARP Poisoning a bit now but can't seem to find an app that suits me.

I installed EttercapNG (Ported to Windows) but found it hard to use. I found poisoning the victims easy with the user-friendly interface. Sniffing seemed to work fine, (but I couldn't find a way to make sure). Then I realized that EttercapNG actually uses it's own file-format(?) *.eci and *.ecp and not the common *.pcap-format. This sucked since then I was forced to use an text based tool (Etterlog) in DOS-mode to view the file and not being able to use the all powerful Ethereal :/

I Cain & Abel v2.69 worked much easier but seemed unstable. After poisoning my workstation and router I was able to do man-in-the-middle attacks from my laptop. I did a test run and tried to log on to my router from my workstation. I got to the logon-screen, tried to log on, sent the request. Cain & Able seemed to pick up the username and password just fine...then my Laptop (running Cain) blue dumped and my workstation never managed to bring up the html-site that the router should have generated. I guess that my router and my workstation still were poisoned since all traffic between them ceased to work. Only way around was to reboot both.

1. If I used and software to ARP poison my network, could I then use another sniffer software that normally just works in promiscious mode, say Ethereal, for man-in-the-middle sniffing?

2. What software would be appropriate?

3. Anybody got an Idea why my Cain session crashed?

4. Anybody know an app for viewing the EttercapNG capture?

Thanks // Hiro_

Hiro_ · 05-26-2005

Quote:

Originally Posted by semtecx

do an arp poisoning on all hosts in your network.
start an other sniffer like ethreal and sniff then the packages....

man in the middle......rox

What app would you use for ARP Poisoning then? I've been having some trouble with this (see above post)

Thanks // Hiro_

05-07-2004	#16 (permalink)
arsham11 <-121-> Join Date: Mar 2004 Location: California Posts: 29	final result... After spending much time on this, the only realiable packet capture tools under windows platform seem to be commercial tools such as AiropeekNX! The other free tools are not optimized for 802.11 networks, but they can work just fine for IP based WLANs which DON'T use WEP. But they still do need the correct driver for hermes chipset which is only available with AiropeekNX. So what you can do is download the Airopeek Demo version and use the driver included with this tool. Using this method all the WinPCap based tools work just fine! I have included this topic in more detail in my thesis available at http://wifi.arsham.net . __________________ <-arS-121-Ham->

05-26-2005	#17 (permalink)
Hiro_ Registered Member Join Date: Apr 2005 Location: Gothenburg, Sweden Posts: 16	Sniffing a switched network (Windows) Ok, so I've been playing around with ARP Poisoning a bit now but can't seem to find an app that suits me. I installed EttercapNG (Ported to Windows) but found it hard to use. I found poisoning the victims easy with the user-friendly interface. Sniffing seemed to work fine, (but I couldn't find a way to make sure). Then I realized that EttercapNG actually uses it's own file-format(?) .eci and .ecp and not the common *.pcap-format. This sucked since then I was forced to use an text based tool (Etterlog) in DOS-mode to view the file and not being able to use the all powerful Ethereal :/ I Cain & Abel v2.69 worked much easier but seemed unstable. After poisoning my workstation and router I was able to do man-in-the-middle attacks from my laptop. I did a test run and tried to log on to my router from my workstation. I got to the logon-screen, tried to log on, sent the request. Cain & Able seemed to pick up the username and password just fine...then my Laptop (running Cain) blue dumped and my workstation never managed to bring up the html-site that the router should have generated. I guess that my router and my workstation still were poisoned since all traffic between them ceased to work. Only way around was to reboot both. 1. If I used and software to ARP poison my network, could I then use another sniffer software that normally just works in promiscious mode, say Ethereal, for man-in-the-middle sniffing? 2. What software would be appropriate? 3. Anybody got an Idea why my Cain session crashed? 4. Anybody know an app for viewing the EttercapNG capture? Thanks // Hiro_

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode