How to use Ettercap for sniffing.
1. install none graphic
$ sudo apt-get install ettercap
# run by comand ettercap
2. or graphic have user interface
sudo apt-get install ettercap-gtk
# run by command ettercap --gtk or go to "Application" => "Internet" => "ettercap"
3. use program ettercap graphic step by step
# At menu "Sniff" => "Unified sniffing..." Shift+U => Select interface for sniffer
# Then menu in menu bar changed at menu "Hosts" => "Scan for hosts"
# At menu "Host" => "Host List" for show all ip in your subnet
# and at menu "Host List" add victim ip (mitm between 2 machine or more)
- select gateway ip and click "Add to Target 1"
- select victim ip for sniffer and click "Add to Target 2"
# At "Targets" => "Current Targets" to show victim ip for sniffer
Example :
-(target 1) ip 192.168.1.1 , mac aa:aa:aa:aa:aa:aa (gateway)
-(target 2) ip 192.168.1.38 , mac xx:xx:xx:xx:xx:xx (victim)
-(sniffer) ip 192.168.1.55 , mac zz:zz:zz:zz:zz:zz (sniffer)
# At menu Mitm => Arp poisoning... => Optional parameters
## Option 1 "Sniff remote connections." ##
# If you check "Sniff remote connections." and ok for prepare sniffing
(Result Check this for sniffing packet victims to gateway and gateway to victims)
on 192.168.1.1 if use command > arp -a (target 1)
Internet address : 192.168.1.38
Physical address : zz:zz:zz:zz:zz:zz (fake mac, sniffer mac)
Type : dynamic
on 192.168.1.38 if use command > arp -a (target 2)
Internet address : 192.168.1.1
Physical address : zz:zz:zz:zz:zz:zz (fake mac, sniffer mac)
Type : dynamic
192.168.1.38 can not use internet because fake mac gateway ^^'
- u(sniffer) can capture packet send from victim(target 2) to gateway(target 1)
- and can capture packet send from gateway to victim
- packet from gateway can not go to victim
- packet from victim can not go to gateway
- because packet from victim and gateway only to sniffer
- and sniffer not forward to victim or gateway
- if sniffer want forward to victim or gateway must "start sniffer"
- so victim can not use internet ^^'
### Start sniffer
# At menu "Start" if u(sniffer) click "Start" => "Start sniffing"
- packet from victim to gateway forward by sniffer
- packet from gateway to victim forward by sniffer
- victim can use internet and can ping gateway and gateway can ping victim by pass sniffer in middle
- if u(sniffer) want to stop arpspoof at "Mitm" => "Stop mitm attack(s)
- this option can check (befor sniffer run arpspoof) by victim use command arp -a for check real mac gateway
# At menu Mitm => Arp poisoning... => Optional parameters
## Option 2 "Only poison one-way." ##
# If you check "Only poison one-way." and ok
(Result check this for agitate)
(Agitate by send fake mac(victim) on gateway but real mac(gateway) on victims)
on 192.168.1.1 if use command > arp -a (target 1)
Internet address : 192.168.1.38
Physical address : zz:zz:zz:zz:zz:zz (fake mac, sniffer mac)
Type : dynamic
on 192.168.1.38 if use command > arp -a (target 2)
Internet address : 192.168.1.1
Physical address : aa:aa:aa:aa:aa:aa (real gateway mac)
Type : dynamic
- u(sniffer) can capture packet send from gateway(target 1) to victim(target 2)
- because on gateway 192.168.1.38 mac(fake mac sniffer) ^^'
- but can not capture packet send from victim to gateway
- because on victim 192.168.1.1 mac(real mac gateway)
- so Packet from gateway can not go to victim (to sniffer)
- but packet from victim can go to gateway (gateway can't reply)
- and so victim can not use internet because gateway reply incorrect ^^'
# Result
1. Change to use fake mac on victim and gateway
- if u want to change mac gateway on vitim and change mac victim on gateway
- must add gateway to target 1 and victim target 2 and use ## Option 1
2. Change to use fake mac victim on gateway but use real mac gateway on victim
- If u want only to change mac victim on gateway and on victim use real mac gateway
- must add gateway to target 1 and victim target 2 and use ## Option 2
3. Change to use fake mac gateway on victim but use real mac victim on gateway
- If u want only to change mac gateway on victim and on gateway use real mac victim
- must add gateway to target 2 and victim target 1 and use ## Option 2
4. Start sniffing for capture packet from them
- use result 1
- and must click "Start" => "Start sniffing"
5. ARP static should setting on gateway and client ^^' to ok
- ettercap on windows
- download
- ettercap web
Ref : wikipedia.org
Subscribe to:
Post Comments (Atom)
Popular Posts
-
Font เลือกเป็น Wingdings 2 เครื่องหมายถูก Shift + P เครื่องหมายผิด Shift + O ซึ่งเราสามารถใช้ Font Wingdings 2 ใน OpenOffice เพื่อเพิ่มเครื...
-
คือเครื่องเสียงในบ้าน เป็นแบบมีรู Microphone 3 รูและ AUX (เสียงเข้าเครื่องเสียง) 2 ชุด มีไมค์ 1 ตัวและ AUX 1 ชุดเสียบสาย ปัญหาคือ พอเปิด ไม...
-
ขั้นแรกต้องตั้งค่าซองก่อนโดยไปที่ menu tab Start Mail Merge => Envelopes เลือก template size ได้ตามต้องการ หรือจะกำหนดขนาดเองเลยโดยเลือก ...
-
http://football.sodazaa.com/
-
ที่มา : http://www.pcthailand.com/th/index.php?option=com_content&view=article&id=64:-regedit-&catid=40:2009-07-02-10-59-36&am...
-
ปัญหาคือ เราเข้าเว็บไซต์ อันนี้แล้ว ปัญหาภาษาไทย มันแสดงเป็นต่างดาวซะงั้น Solved Options => Under the Hood => Web Content ค...
-
คือ จะใช้ printer ที่เค้าแชร์ไว้ แต่มันดันถาม User, password ซะงั้น ทั้งที่ Enable Guest แล้วนะ ไม่รู้ Guest เครื่องนั้นมีใครไปตั้งรหัสให้หร...
-
This summary is not available. Please click here to view the post.
-
อ้างอิง - http://www.sysnetcenter.com/board/index.php?topic=2028.0 <== อ่านเข้าใจง่าย ประเด็นมีอยู่ว่า เพื่อนที่ทำงานแนะนำ AP แบบ ใช้สำ...
No comments:
Post a Comment