06.24.03


By Mati Aharoni

When it comes to Network Security, my philosophy is – "You can't afford to know less than the Hacker." This means that in order to protect ourselves effectively, we need to understand and experience the same tools and techniques that are used against us.

The following article is a short introduction to EtterCap 0.6a, described by its authors simply as "a multipurpose sniffer / interceptor / logger for switched LANs".

Ettercap relies heavily on ARP spoofing; if this concept is new to you, you might want to read more about it (at www.mutsonline.com, for example) before attempting this tutorial.

NOTE: ARP spoofing can disrupt traffic on your network!

Be sure to try this only in a separate lab environment. Ettercap can be found at http://ettercap.sourceforge.net.

(from the README file):
EtterCap is a multipurpose sniffer / interceptor / logger for a switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. These features include:
  1. Character injection in an established connection: you can inject characters to the server (emulating commands) or to the client (emulating replies) while keeping the connection alive!

  2. SSH1 support: you can sniff user and password, and even the data, of an SSH1 connection.

  3. HTTPS support: you can sniff HTTP SSL-secured data, even if the connection is made through a proxy.

  4. Remote traffic through a GRE tunnel: you can sniff remote traffic through a GRE tunnel from a remote Cisco router and perform a MITM attack on it.

  5. PPTP broker: you can perform a man-in-the-middle attack against PPTP tunnels.

  6. Password collector for: TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG.

  7. Packet filtering/dropping: you can set up a filter that searches for a particular string (even hex) in the TCP or UDP payload and replaces it with your own, or drops the entire packet.

  8. OS fingerprinting: you can fingerprint the OS of the victim host and even its network adapter.

  9. Kill a connection: from the connections list you can kill any connections you want.

  10. Passive scanning of the LAN: you can retrieve info about hosts in the LAN, open ports, service versions, type of host (gateway, router or simple host) and estimated distance in hops.

  11. Check for other poisoners: EtterCap has the ability to actively or passively find other poisoners on the LAN.

We will examine only a few of EtterCap's features; the rest is up to you.

  1. The lab network consists of the following computers. 192.168.1.138 is the default Gateway. I'm using a Cisco Catalyst 2900XL Switch (switched environment).
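The ARP poisoning the whole tutorial rests on, and the passive poisoner check listed as feature 11 above, as an added Python example that is not code from this article or from the Ettercap project. It builds the two unsolicited ARP replies an attacker sends to sit between a victim and the gateway, then feeds them to a small watcher that refuses to overwrite a binding it already knows and reports three things: a reply nobody asked for, an IP whose MAC changed, and one MAC claiming several IPs. The gateway address 192.168.1.138 is the one in the lab above; the victim IP, every MAC address, and the ArpWatch class with its checks are assumptions of this example.

```python
"""ARP poisoning frames and a passive poisoner check.

Added example, not code from the article or from Ettercap. The gateway
address 192.168.1.138 is the one in the article's lab; every other IP and
all MAC addresses below are constructed for this example.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(int(o) for o in s.split("."))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac=None):
    """Ethernet II frame carrying an RFC 826 IPv4-over-Ethernet ARP packet (42 bytes)."""
    eth = _mac(dst_mac or target_mac) + _mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, opcode
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of a frame, or None for anything that is not IPv4/Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sha": mac(frame[22:28]), "spa": ip(frame[28:32]),
            "tha": mac(frame[32:38]), "tpa": ip(frame[38:42])}


def poison_frames(attacker_mac, victim_mac, victim_ip, gateway_mac, gateway_ip):
    """The two unsolicited replies that place the attacker between victim and gateway.

    Both are unicast, so the switch delivers each one only to the host being lied to."""
    to_victim = build_arp(ARP_REPLY, attacker_mac, gateway_ip, victim_mac, victim_ip)
    to_gateway = build_arp(ARP_REPLY, attacker_mac, victim_ip, gateway_mac, gateway_ip)
    return [to_victim, to_gateway]


class ArpWatch:
    """Passive poisoner check (hypothetical): never trusts a new binding, only reports conflicts."""

    def __init__(self, known=None):
        self.bindings = dict(known or {})   # ip -> first MAC seen (or configured)
        self.claims = {}                    # mac -> set of IPs it has claimed
        self.pending = set()                # (asker_ip, asked_ip) of unanswered requests
        self.alerts = []

    def observe(self, frame):
        p = parse_arp(frame)
        if p is None:
            return []
        found = []
        if p["op"] == ARP_REQUEST:
            self.pending.add((p["spa"], p["tpa"]))
        elif p["op"] == ARP_REPLY:
            key = (p["tpa"], p["spa"])
            if key in self.pending:
                self.pending.discard(key)
            else:  # nobody asked: gratuitous or injected
                found.append(f"unsolicited reply: {p['spa']} is-at {p['sha']} sent to {p['tpa']}")
        old = self.bindings.setdefault(p["spa"], p["sha"])
        if old != p["sha"]:
            found.append(f"binding change: {p['spa']} was {old}, now {p['sha']}")
        ips = self.claims.setdefault(p["sha"], set())
        ips.add(p["spa"])
        if len(ips) > 1:  # a MITM claims both ends; a router with several IPs also trips this
            found.append(f"{p['sha']} claims {sorted(ips)}")
        self.alerts.extend(found)
        return found


def run_demo():
    gw_ip, gw_mac = "192.168.1.138", "00:11:11:11:11:11"   # article's gateway; MAC constructed
    vic_ip, vic_mac = "192.168.1.10", "00:22:22:22:22:22"  # constructed
    atk_mac = "00:33:33:33:33:33"                          # constructed
    watch = ArpWatch(known={gw_ip: gw_mac})
    # normal resolution: broadcast request from the victim, unicast reply from the gateway
    watch.observe(build_arp(ARP_REQUEST, vic_mac, vic_ip, ZERO_MAC, gw_ip, dst_mac=BROADCAST))
    watch.observe(build_arp(ARP_REPLY, gw_mac, gw_ip, vic_mac, vic_ip))
    clean = len(watch.alerts)
    for f in poison_frames(atk_mac, vic_mac, vic_ip, gw_mac, gw_ip):
        watch.observe(f)
    return clean, watch.alerts


if __name__ == "__main__":
    clean, alerts = run_demo()
    print(f"alerts during normal traffic: {clean}")
    for a in alerts:
        print("ALERT", a)
```

Run it directly to print the alerts: the legitimate request/reply pair raises none, and the two poison frames raise five. Seeding the gateway's real MAC is what lets the first poison reply be caught even on a box that never saw the legitimate reply; the third check (one MAC, several IPs) also fires on a router that legitimately holds several addresses on one interface, so treat it as a lead to investigate rather than proof of poisoning.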


Click Here to Read the Full Article

About the Author:
Mati Aharoni, MCSES, MCT, CCNA, CCSA, CISSP
Visit the Security through Hacking Web site at http://www.mutsonline.com for additional information.
Read this newsletter at: http://www.securitypronews.com/2003/0624.html

-- SecurityProNews is an iEntry, Inc. publication --
2003 iEntry, Inc. All Rights Reserved