Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: ARP Poisoning 101 (Not sniffing info...)

  1. #11
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    2

    Default Re: ARP Poisoning 101 (Not sniffing info...)

    Quote Originally Posted by Snayler View Post
    In order to provide you with a solution, I will need some more info about your setup.
    VMware or LiveCD/HDD/USB install?
    Does eth0 refers to your ethernet interface?
    You can also post your iwconfig output.
    vmware/flash boot
    eth0 is my interface
    and i no longer have the configuration for that network and my flash drive busted, so going to have to wait on getting another one.

  2. #12
    Junior Member
    Join Date
    Apr 2009
    Location
    not telling
    Posts
    26

    Default Re: ARP Poisoning 101 (Not sniffing info...)

    You shouldn't select all clients, that's a mistake.
    Snayler is correct here, a friend of mine was playing around with ettercap at university and accidently took on a whole university subnet of approx 150 hosts and caused a DOS attack against a switch

    -editing the etter.conf file is essential as it tells ettercap what html tags to look for when sniffing the network
    -also setting up iptables appropriately sometimes will solve some issues
    /usr/local/etc/etter.conf [uncomment the iptables]
    echo "1" > /proc/sys/net/ipv4/ip_forward [enter this into shell]

    A great tutorial on ettercap can be found at http://infinityexists.com/

  3. #13
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: ARP Poisoning 101 (Not sniffing info...)

    1. understand this as well, running ettercap with sslstrip causes a slowdown on the network. Because all the packets have to go through you and be forwarded to the gateway while being inspected. Most laptops were never meant to be routers!
    2. Make your life easier, when you first open up ettercap gtk make sure you set the net mask, then it won't go and search all 1024 or so addresses for clients to add. For the most part setting the mask to 255.255.255.0 is plenty, it will search the last 8 bits of the network address or 255 possible clients. Most laptops were never meant to be routers!
    3. One last thing, if you are running sslstrip make sure you have post 10000 clear on your computer and have these lines
    Code:
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sslstrip -k -f -l 10000
    also be sure not to open any web pages with your computer while doing this sometimes it makes for conflicts and really lags things.
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •