Thread: ettercap - sniffing works, but I can't see passwords

  1. #1
    Just burned his ISO
    Join Date
    Feb 2007
    Posts
    2

    ettercap - sniffing works, but I can't see passwords

    Hi everyone.

    I know that the ettercap forums would be a better place for this, but it looks like they have a problem with the registration of new users, that's why I post it here...

    I use the ettercap version of BackTrack 2.0 to perform some FTP password sniffing in my switched lab. I used the ARP spoofing feature in ettercap, that works, but I can't see any passwords in ettercap.

    I used tcpdump and wireshark to verify that the ARP spoofing works correctly and I can see all the packets (in wireshark I can see the username and password of the FTP session). But the password collectors in ettercap don't work.

    Has anyone a clue what I'm doing wrong?

    Thank you

    Trick

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    I don't remember specifically the solution...or if there was a solution...but the common problem has been the use of a switch on a hub. Several people have complained of ettercap failing to work on switched networks.

    Sorry, but I can't help you any further.

  3. #3
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    switch

    A switch is a semi-intelligent device which directs traffic to specific MAC addresses. It does not broadcast.

    Ettercap will only collect data from 'new' TCP connections.

    The solution is to use a program to flood the device with addresses until its memory is used wherein it will act as a hub. TCP connections can be made to reconnect.

    The collection in dsniff includes programs for these projects.
    Lux sit

  4. #4
    Just burned his ISO
    Join Date
    Feb 2007
    Posts
    2


    But I'm sniffing a new tcp connection. I can see the 3-way handshake...

    Anyway. Thank you

  5. #5
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318


    Well, arp-spoofing is the right means and it obviously works. I had the same "problem". Ettercap doesn't display the password with the "-q" option. If you use it without the -q option it will display the password.....besides it will display all the traffic.... WEIRD!

    Greetz
    Don't eat yellow snow :rolleyes:

  6. #6
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    18


    There is a program that runs under Windows named UFA ICQ Sniff from ufasoft(dot)com; this program shows passwords and all unencrypted traffic in a network,
    very easy to use for beginners.....

    And since I am a newbie in Linux and BT, can anyone help with similar software under Linux?

  7. #7
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543


    Quote: Originally Posted by -=Xploitz=-
    I don't remember specifically the solution...or if there was a solution...but the common problem has been the use of a switch on a hub. Several people have complained of ettercap failing to work on switched networks.

    Sorry, but I can't help you any further.
    By the way... the Ettercap QnA forum is back up!!!! Damn... been a LONG time since it's been up
    dd if=/dev/swc666 of=/dev/wyze
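
Added example (not part of any post in this thread): the ARP spoofing discussed above is visible to a defender in the same kind of `tcpdump` capture the original poster used to verify it. The sketch below flags it, assuming `tcpdump -n arp` text output; the sample lines, addresses and the function name `find_arp_anomalies` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n arp` output (not taken from the thread).
# 00:11:22:33:44:66 starts answering for both the gateway and a client.
SAMPLE = """\
10:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:01.000400 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
10:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
10:00:05.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:66, length 46
10:00:05.000100 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:66, length 46
10:00:15.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:66, length 46
"""

# Matches lines such as: "<time> ARP, Reply <ip> is-at <mac>, length 28"
REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9A-Fa-f:]{17})")


def find_arp_anomalies(lines):
    """Return (kind, subject, detail) tuples for suspicious ARP replies."""
    ip_to_mac = {}                  # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has answered for
    alerts = []
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue                # requests and non-ARP lines are ignored
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            # The IP-to-MAC binding changed mid-capture.
            alerts.append(("ip-moved", ip, f"{known} -> {mac} at {ts}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                # One interface is answering for several hosts.
                alerts.append(("mac-claims-many", mac,
                               ",".join(sorted(mac_to_ips[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE.splitlines()):
        print(*alert, sep="  ")
```

Bindings also change for legitimate reasons (DHCP reassignment, failover pairs sharing a virtual IP), so a hit is a lead to check against the switch's MAC table, not proof of spoofing.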
