Ettercap Features Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides

many features for network and host analysis. Ettercap offers four modes of operation: - IP-based: packets are filtered based on IP source and destination. - MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway. - ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex). - Public ARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).

In addition, the software also offers the following features: - Character injection into an established connection: characters can be injected into a server (emulating commands) or to a client (emulating replies) while maintaining a live connection. - SSH1 support: the sniffing of a username and password, and even the data of an SSH1 connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex. - HTTPS support: the sniffing of HTTP SSL secured dataeven when the connection is made through a proxy. - Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it. - Plug-in support: creation of custom plugins using Ettercap's API. - Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG - Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet. - OS fingerprinting: determine the OS of the victim host and its network adapter. - Kill a connection: killing connections of choice from the connections-list. - Passive scanning of the LAN: retrieval of information.

ARP Spoofing Open Ettercap in graphical mode #ettercap -G

Select the sniff mode Sniff - Unified sniffing

Scan for host inside your subnet Hosts - Scan for hosts

The network range scanned will be determined by the IP settings of the interface you have just chosen in the previous step.

See the MAC & IP addresses of the hosts inside your subnet. Select the machines to poison Choose to ARP poison only the windows machine 192.168.1.2 and the router 192.168.1.1. Highlight the line containing 192.168.1.1 and click on the "target 1" button. Highlight the line containing 192.168.1.2 and click on the "target 2" button. If you do not select any machines as target, all the machine inside the subnet will be ARP poisoned.

Check your targets

Start the ARP poisoning Mitm - Arp poisoning

Start the sniffer

Start the sniffer to collect statistics. Start - Start sniffing Stop ARP Spoofing

Ettercap is pretty effective. After the attack, it will "re-arp" the victims. In other words the victims ARP cache will again contain correct entries . If the cache still contains poisoned IP MAC address correspondences, you can either wait some minutes, which is the time needed for the entry ARP cache to refresh itself, or, better, clear the ARP cache. On a Microsoft machine: C:\Documents and Settings\admin>arp -d *

On an Ubuntu or Debian Linux: #arp -d ip_address

On a Cisco router: #clear arp-cache

Download Ettercap-NG 0.7.3 here

Loading

Contact Info

Airdemon NS. Amsterdam (NL) Email: postmaster@airdemon.net

Manuela St Barthelemy

Robert St Bartelhmy

Airdemon.NET
airdemon_net airdemon_net Extreme GPU Bruteforcer is a professional solution for the recovery of passwords from hashes using GPU airdemon.net/bruteforce2.ht 14 hours ago reply retweet favorite airdemon_net Russian FSB under DDoS attack #OP_Russia airdemon.net/russian2.html 16 hours ago reply retweet favorite airdemon_net FBI probes leaks on Iran cyberattack airdemon.net/fbi31.html 17 hours ago reply retweet favorite airdemon_net LinkedIn investigating reports that 6.46 million hashed passwords have leaked online airdemon.net/cybercrime33.h 19 hours ago reply retweet favorite Join the conversation Copyright Airdemon NS 2011. All Rights Reserved.

Email: gh0std0g2011@hotmail.com Design by Cod3inj3ct0r.