Sniffing Tutorial:

[snakeyes37]

I have a 2WIRE from SBC that I got when I signed up for DSL a few years ago. This tutorial didn't work on my router at all. I tried signing into my hotmail and yahoo but the only piece of information thats displayed in ettercap is the following,

Code:

Listening on ath0... (Ethernet)

  ath0 -> 00:20:A6:50:E5:E7         172.16.1.34         255.0.0.0


Privilegesdropped to UID 65534 GID 65534


   28 pugins
   39 protocol dissectors
   53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known devices
Randomizing 16777215 hosts for scanning...


ARP poisoning vistims:


GROUP 1: ANY(all hosts in the list)


GROUP 2: ANY(all hosts in the list)
Starting Unified sniffing...


DHCP: [172.16.0.1] OFFER: 172.16.1.34 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1
DHCP: [172.16.0.1] OFFER: 172.16.1.34 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1
DHCP: [172.16.0.1] ACK: 0.0.0.0 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1 "gateway.2wire.net"
DHCP: [172.16.0.1] ACK: 0.0.0.0 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1 "gateway.2wire.net"
Unified sniffing was stopped.
ARP poisoner deactivated.
RE-ARPing the victims...

I also noticed in Ethereal every website I visit always has the extentsion of gateway.2wire.net

Is my router encrypting everything that goes through it? For example I went to myspace.com and in Ethereal it showed up like so "home.myspace.com.gateway.2wire.net"


Any help would greatly be appreciated.



Here is my hardware information,


Model: HomePortal 1000HW
Serial Number: 114116002590
Hardware Version: 2700-000364-006
Software Version: 3.5.5


I'm currently using Ettercap with my Proxim ORiNOCO 8470-WD 802.11 b/g


Thanks.

[yeehaw]

I'm waiting for the video
And another question....with this tutorial you mean that I can sniff outgoing traffic FROM ANOTHER MACHINE TO THE ROUTER?

That's the point yeah.
Example: You have a PC in a big company, set up as a sniffer, and you wait for the passwords to come in

[baalpeteor]

what about a small video tutorial hosted by rapidshare?

a small video for that????
wha.....


well lemme try to explain if that's kinda hard...

you open kwrite (you can type kwrite in an empty konsole)
and find that file he said.
then remove the # off the 2 lines and voila! that's it. make sure you save.
then do like he says in ettercap. unified sniffing is in one of the menues at the top

[baalpeteor]

I have not much luck with WPA's Myself. I used aircrack to do my attack on it though so I cant help you much with rainbow crack. The reason why I directed you to it though was because many people reported better success with it.

you use aircrack to crack other hashes? sounds creative to me ;-)

[likeachild]

i tested this it it works for all my passes
so then i went to access my bank account


www.bankofamerica.com
and ettercap did not pick up anything
(even though i accepted the certificate)

what is Bank of America doing that prevents ettercap from reading anything?

is there a way to implement this on my own server?

I just tested this technique on this forum, and ettercap does NOT pick up my forum username and pass

it says

SEND L3 ERROR: 56 byte packet (0800:01) destined to XXX.XXX.XXX.XXX was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

what does this mean?

[michelinok]

i tested this it it works for all my passes
so then i went to access my bank account


www.bankofamerica.com
and ettercap did not pick up anything
(even though i accepted the certificate)

what is Bank of America doing that prevents ettercap from reading anything?

is there a way to implement this on my own server?

I just tested this technique on this forum, and ettercap does NOT pick up my forum username and pass

it says

SEND L3 ERROR: 56 byte packet (0800:01) destined to XXX.XXX.XXX.XXX was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

what does this mean?

Haven't tested the HTTPS, but I CAN get username and password when logging here

[Emm Kay]

Ive only come here cause I need to sniff a hotmail account, dont have bad intentions, dont want passwords or anything but really need to monitor incoming n outgoing mails.
Can anyone tell me how to from an XP machine?...btw the person using the account is in another country...happens to be my hubbys ex

[imported_mike27]

I did all of the steps listed in the tutorial and I am able to sniff in ettercap, but when I go to gmail or other similar sites, I don't get any passwords or usernames or anything. When I go to hotmail, I see the fake certificate pop up, I accept it, but no passwords come through. Could I be doing something wrong?

[cancanoff]

Problem:
I start sniffing using "ath1" with kismet or aircrack
Then I open up Ettercap, and choose
Unified Sniffing
then choose "ath1"
Ettercap then automatically CLOSE
Why is that?
Card details as follow

Code:

iwconfig

eth0      no wireless extensions.

sit0      no wireless extensions.

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:""
          Mode:Managed  Channel:0  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:19 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
          Rx invalid nwid:1513150  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

ath1      IEEE 802.11g  ESSID:""
          Mode:Monitor  Frequency:2.447 GHz  Access Point: 01:1R:1B:11:31:49
          Bit Rate:0 kb/s   Tx-Power:19 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Code:

ifconfig

ath1      Link encap:UNSPEC  HWaddr 02-16-2D-45-3C-34-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2978643 errors:0 dropped:0 overruns:0 frame:0
          TX packets:385460 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:820490813 (782.4 MiB)  TX bytes:26189776 (24.9 MiB)

eth0      Link encap:Ethernet  HWaddr 00:01:23:34:2D:3Q
          inet addr:10.0.0.4  Bcast:255.255.255.255  Mask:255.255.255.0
          inet6 addr: fe80::208:2ff:fe64:536c/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11241 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10368 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11203780 (10.6 MiB)  TX bytes:1367738 (1.3 MiB)
          Interrupt:10

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:780869 errors:0 dropped:0 overruns:0 frame:0
          TX packets:780869 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:251840871 (240.1 MiB)  TX bytes:251840871 (240.1 MiB)

wifi0     Link encap:UNSPEC  HWaddr 00--xx-xx-xx-xx-00-00-00-00-00-00-00-00-00-0 ( Masked myself)
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2939401 errors:0 dropped:1421253 overruns:0 frame:1000170
          TX packets:39344 errors:0 dropped:346116 overruns:0 carrier:0
          collisions:0 txqueuelen:199
          RX bytes:400672601 (382.1 MiB)  TX bytes:2811264 (2.6 MiB)
          Interrupt:11 Memory:e0e60000-e0e70000

[xtreme04]

wow this shit is hardcore, i just went to my nationalcity account and it picked up, the next time i ever go to any hotspots you can bet your ass, i wont be doing any thing that invloves enter a password