Sniffing Tutorial:

[jamied_uk]

I've an onto some trouble with sniffing my other computers password through ssl.

I've forwarded the traffic : echo 1 /proc/sys/ipv4/ip_forward
Also i have edited the etter.conf file, removed the # at ip tables.

When i start ettercap i sellect sniff, uniffied sniffing. Do a scan, ctrl plus S.
Randomizing 63 hosts for scanning...
Scanning the whole netmask for 63 hosts...
60 hosts added to the hosts list...

Then Mitm and sellect ARP poisoning. Ok.

These hosts i can choose from:
My workstations ip are in the list, being 213.114.108.124
And this gateway i got is not in the list. when i use the ifconfig to check the gateway ip it says *.65 but that one isnt in the list. This gateway is provided from my isp and is not connectable, it just forwards the traffic.

So how should i set up the sniffing? And when i just scan the hosts then start sniffing my internet kind of dies, til i cancel the arp poisoning. Shed some light on this please!

Somehow i managed to sniff my password on my workstation yesterday, but i cant for the love of god remember what i did, and it is so frustrating. Been trying this for 3 hours soon.

(if you do sumit right pres ctrl c (to stop process not exit) and press up arrow and last command you typed is displayed). this will not help if you close window and restart maybe (or maybey sum does) but remember this trick for futer ppl when you get it right you wont expect it!!!!.

[prozac88]

wow guys this has turned out to be a huge thread. i am running bt3f in vmware on a vista machine and i am having troubles with ettercap, i have a wg111 v2 and a zydas zd1211rw usbs.

i have both interfaces set to monitor mode:
when i try to start sniffing in the gui with the wg111 i select interface and ettercap just closes.

when i try to start with the zydas i get an error "Interface 'eth1' not supported (802.11 plus BDS radio information header)

if anyone knows the fix or can point me into the direcection of a program that may be better for my setup it would be much apreciated.

thanx, prozac88

[imported_=Tron=]

i have both interfaces set to monitor mode:
when i try to start sniffing in the gui with the wg111 i select interface and ettercap just closes.

Well there is your problem. In order for ettercap to work you need to have your card in managed mode and properly connected to the network you wish to sniff on.

[prozac88]

ok so i got it capturing however i dont understand any of it, ive logged in and out fo these forums, hotmail, yahoo, got the security pop up but its all jibberish, is there something i need to do to "decode it".

and jsut for experimental sake i turned off all security so its an open network while im doin this

[shady]

How could I use Ettercap to sniff the packets of my own computer or a computer I ssh into instead of a remote computer with arp poisoning?

[phoenix910]

ok so i got it capturing however i dont understand any of it, ive logged in and out fo these forums, hotmail, yahoo, got the security pop up but its all jibberish, is there something i need to do to "decode it".

Don't be looking for the packets captured in wireshark - look in the ettercap window; they'll be in plaintext there.

How could I use Ettercap to sniff the packets of my own computer or a computer I ssh into instead of a remote computer with arp poisoning?

You don't need Ettercap to sniff your own packets - just open up wireshark. If you SSH into a computer, it's like it's a local computer (cause you have that command prompt up), so just run ettercap as per normal and you'd be sniffing that network.

~phoenix910

[DenKain]

EDIT:

Never mind, the issue turned out to be my firewall.

:-p

I am using ettercap on Ubuntu 8.04

[mRM3e]

This is a good tute for noobs, but it can get alot more advanced. Try playing with filters and plugins DNS spoofing is my personal fav!

Ettercap does MORE than just sniff web accounts

The only thing that is annoying the crap out of me is the warning the users get in IE7 with SSL. I wish I knew a way to aviod such messages to the user just incase the user is not ignorant.

mr_me

[shady]

I was told these attacks can be performed over the internet, not just LANs. Is there a tutorial somewhere on the forum for that?

[1shot_1kill]

Quick quesion, does ettercap automatically start arp poisoning a new host? Say i started the man in the middle and had the entire group as a target. Then a brand new host joins in the network after i started. Does this person also get poisoned?

Maybe there is something i'm not doing right, but what if i start the arp poison and the person is already logged their username and password? There is no way to gain access if they are not entering anything in correct?