
Thread: Sniffing host OS traffic via guest OS(BT4pre)

  1. #1
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default Sniffing host OS traffic via guest OS(BT4pre)

    I'm running BT4 (guest OS) in vmware and would like to sniff all host traffic without poisoning. This should be fairly easy to set up but I'm having trouble figuring it out. Ettercap will work if I poison the host but surely this can be accomplished without poisoning the host.
    If anyone can lend a hand, it would be appreciated.
    "A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Which network interface selection did you make on the VM?
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    I have tried all three with no success in various configurations, I assume you mean bridged, nat, and host-only. Correct me if I am misunderstanding you.

    For me to be a little more clear, I can give a scenario.

    Let's say I am poisoning my lan with my host OS
    and would like to sniff the host traffic from my guest OS (bt4)
    i.e.
    ettercap -i eth0 -T (called in bt4)

    I do understand that the bridged mode in vm is incorrect in this scenario.

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by g1ic7h View Post
    I assume you mean bridged, nat, and host-only. Correct me if I am misunderstanding you.
    I will assume you did not search and did not see the following sticky at the top of the newbie forums.
    http://forums.remote-exploit.org/new...ease-read.html
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #5
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    Quote Originally Posted by archangel.amael View Post
    I will assume you did not search and did not see the following sticky at the top of the newbie forums.
    http://forums.remote-exploit.org/new...ease-read.html

    Virtual machines such as vmware, virtual box and other software like it CAN ONLY USE usb wifi cards. Please do not post asking how to configure your pcmcia card because from now on, since I have stickied this thread, you will be treated unmercifully. Thank you and have a nice day
    Well, I am using a USB card if you must know. Why the constant belittling of my posts? I don't see that I have violated purehate's post. My question is legitimate.

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by g1ic7h View Post
    Well, I am using a USB card if you must know. Why the constant belittling of my posts? I don't see that I have violated purehate's post. My question is legitimate.
    In what post did you bother to mention that you were using a usb card?
    BTW the only post you edited was your second one and it does not contain this info either.
    As such, I posted the link because the question you asked (and based on the lack of information presented by you) is a typical one of someone who has not read the sticky and noted that only usb cards will allow what you were asking about.
    Furthermore if you would have provided the appropriate information then I would not have needed to ask anything nor make reference to such posts.
    Now don't post anything else that will further detract from this thread's subject. Tell us the card type you have and if it is compatible (based on your research) with the version of BT you are using.

  7. #7
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    In what post did you bother to mention that you were using a usb card?
    I didn't, because I don't see the relevance. The host OS is handling the connection to the lan. No nics are actually connected to the guest OS.
    for example...
    If I were to connect the host OS to the lan via my alfa 36h
    the guest OS (bt4) will still use eth0 via vm
    just as it would on the wire.
    It doesn't matter how the host OS is connected.

  8. #8
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by g1ic7h View Post
    I didn't, because I don't see the relevance. The host OS is handling the connection to the lan. No nics are actually connected to the guest OS.
    for example...
    If I were to connect the host OS to the lan via my alfa 36h
    the guest OS (bt4) will still use eth0 via vm
    just as it would on the wire.
    It doesn't matter how the host OS is connected.
    Because 99.99% of all vmware questions are why the guest os can't use the built in wifi connection as a wifi device, and not as a wired device. The guest os won't get all the cool networking features from the host os' network adapters, like monitor, or injection.

    Now for your original question. How is the host machine connected to your network? If you're using a usb wifi adapter for the guest os connection, bridged, nat, host only, doesn't matter in vmware. The "easy" way to set this up properly, would be to use a usb ethernet adapter for the guest. Hook both the usb adapter and the ethernet cable coming out of the host machine to a hub, then hook the hub to your network. This is the same thing you'd do with two different machines.

  9. #9
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    Thanks Barry, I was becoming a bit frustrated.

    How is the host machine connected to your network?
    I can connect the host OS via wire or wifi.

    If you're using a usb wifi adapter for the guest os connection, bridged, nat, host only, doesn't matter in vmware.
    Correct, I understand this fact...since the guest OS has made its own connection to the lan via the adapter...vmware network settings don't apply because the vmware settings are for sharing the host connection.

    I am not using an adapter on the guest OS.


    Is it possible to sniff the host traffic without the use of a hub?
    maybe:
    sniff and capture on the guest but filter on the host's MAC or IP address???

    I would like to do the reverse of this: VMware Communities: Sniffing guest OS traffic via host? ...

  10. #10
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by g1ic7h View Post
    Thanks Barry, I was becoming a bit frustrated.


    I can connect the host OS via wire or wifi.


    Correct, I understand this fact...since the guest OS has made its own connection to the lan via the adapter...vmware network settings don't apply because the vmware settings are for sharing the host connection.

    I am not using an adapter on the guest OS.


    Is it possible to sniff the host traffic without the use of a hub?
    maybe:
    sniff and capture on the guest but filter on the host's MAC or IP address???

    I would like to do the reverse of this: VMware Communities: Sniffing guest OS traffic via host? ...
    I don't think you can. Pretty sure the virtual network adapter doesn't have the capabilities to go into monitor mode. That's why I mentioned the usb network adapter.
