How to use Ettercap for sniffing.
1. install none graphic
$ sudo apt-get install ettercap
# run by comand ettercap
2. or graphic have user interface
sudo apt-get install ettercap-gtk
# run by command ettercap --gtk or go to "Application" => "Internet" => "ettercap"
3. use program ettercap graphic step by step
# At menu "Sniff" => "Unified sniffing..." Shift+U => Select interface for sniffer
# Then menu in menu bar changed at menu "Hosts" => "Scan for hosts"
# At menu "Host" => "Host List" for show all ip in your subnet
# and at menu "Host List" add victim ip (mitm between 2 machine or more)
- select gateway ip and click "Add to Target 1"
- select victim ip for sniffer and click "Add to Target 2"
# At "Targets" => "Current Targets" to show victim ip for sniffer
Example :
-(target 1) ip 192.168.1.1 , mac aa:aa:aa:aa:aa:aa (gateway)
-(target 2) ip 192.168.1.38 , mac xx:xx:xx:xx:xx:xx (victim)
-(sniffer) ip 192.168.1.55 , mac zz:zz:zz:zz:zz:zz (sniffer)
# At menu Mitm => Arp poisoning... => Optional parameters
## Option 1 "Sniff remote connections." ##
# If you check "Sniff remote connections." and ok for prepare sniffing
(Result Check this for sniffing packet victims to gateway and gateway to victims)
on 192.168.1.1 if use command > arp -a (target 1)
Internet address : 192.168.1.38
Physical address : zz:zz:zz:zz:zz:zz (fake mac, sniffer mac)
Type : dynamic
on 192.168.1.38 if use command > arp -a (target 2)
Internet address : 192.168.1.1
Physical address : zz:zz:zz:zz:zz:zz (fake mac, sniffer mac)
Type : dynamic
192.168.1.38 can not use internet because fake mac gateway ^^'
- u(sniffer) can capture packet send from victim(target 2) to gateway(target 1)
- and can capture packet send from gateway to victim
- packet from gateway can not go to victim
- packet from victim can not go to gateway
- because packet from victim and gateway only to sniffer
- and sniffer not forward to victim or gateway
- if sniffer want forward to victim or gateway must "start sniffer"
- so victim can not use internet ^^'
### Start sniffer
# At menu "Start" if u(sniffer) click "Start" => "Start sniffing"
- packet from victim to gateway forward by sniffer
- packet from gateway to victim forward by sniffer
- victim can use internet and can ping gateway and gateway can ping victim by pass sniffer in middle
- if u(sniffer) want to stop arpspoof at "Mitm" => "Stop mitm attack(s)
- this option can check (befor sniffer run arpspoof) by victim use command arp -a for check real mac gateway
# At menu Mitm => Arp poisoning... => Optional parameters
## Option 2 "Only poison one-way." ##
# If you check "Only poison one-way." and ok
(Result check this for agitate)
(Agitate by send fake mac(victim) on gateway but real mac(gateway) on victims)
on 192.168.1.1 if use command > arp -a (target 1)
Internet address : 192.168.1.38
Physical address : zz:zz:zz:zz:zz:zz (fake mac, sniffer mac)
Type : dynamic
on 192.168.1.38 if use command > arp -a (target 2)
Internet address : 192.168.1.1
Physical address : aa:aa:aa:aa:aa:aa (real gateway mac)
Type : dynamic
- u(sniffer) can capture packet send from gateway(target 1) to victim(target 2)
- because on gateway 192.168.1.38 mac(fake mac sniffer) ^^'
- but can not capture packet send from victim to gateway
- because on victim 192.168.1.1 mac(real mac gateway)
- so Packet from gateway can not go to victim (to sniffer)
- but packet from victim can go to gateway (gateway can't reply)
- and so victim can not use internet because gateway reply incorrect ^^'
# Result
1. Change to use fake mac on victim and gateway
- if u want to change mac gateway on vitim and change mac victim on gateway
- must add gateway to target 1 and victim target 2 and use ## Option 1
2. Change to use fake mac victim on gateway but use real mac gateway on victim
- If u want only to change mac victim on gateway and on victim use real mac gateway
- must add gateway to target 1 and victim target 2 and use ## Option 2
3. Change to use fake mac gateway on victim but use real mac victim on gateway
- If u want only to change mac gateway on victim and on gateway use real mac victim
- must add gateway to target 2 and victim target 1 and use ## Option 2
4. Start sniffing for capture packet from them
- use result 1
- and must click "Start" => "Start sniffing"
5. ARP static should setting on gateway and client ^^' to ok
- ettercap on windows
- download
- ettercap web
Ref : wikipedia.org
No comments:
Post a Comment