Packet Capture

Thread: Packet Capture

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    256

    Packet Capture

    I have been puzzled over the past few days as to why Cain/Abel can see packets from another IP (.0.2) on my same network, yet when running a packet capture tool (Ethereal etc.) I cannot see the .0.2 address at all. The only thing I can think of is that Cain does some ARP poisoning. I would like to capture the packets from the 0.2 machine and recreate them (to an extent). Any suggestions? The machine that I ran the capture tools on is a laptop connected wirelessly to the router. I tried both wired and wireless and they both fail to show any captured packets. Thanks.

    OS -XP Pro SP2 (laptop)
    OS of desktop -XP Home SP2
    Both have the firewall off.
    Router is a Netgear wireless 802.11b
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  2. #2
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    I think your post is against the AntiOnline rules.
    But anyway, make sure that your network card is in promiscuous mode, and I believe that Ethereal has a rule like "<from ip > <to ip>".

  3. #3
    Senior Member
    Join Date
    May 2002
    Posts
    256
    To my knowledge it is not against the rules, but if it is, please remove the post and let me know about it. I have yet to see a rule for that so if someone can shed some light on that with Ethereal, that would help. The card automatically gets placed into prom. mode.

  4. #4
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Cain and Abel does do ARP spoofing. That's why you can see the traffic. If you use Ethereal WHILE using Cain and Abel, then Ethereal will see the packets too.

    If you are just using Ethereal and not both together... you'll only see the traffic destined to your PC. That is assuming that you are using a switch, and not a hub.

    There are other tools that do this too. Look into hunt and ettercap.

    Pretty nifty tools to play around with. You can hijack the traffic from one host and redirect it to a nonexistent host. That basically will cause a DoS against the legitimate host. Their traffic basically gets routed to nowhere. Fun for practical jokes... or to knock off my roommate's PC because he is downloading so many torrents... I can't do anything on the net.

    There are quite a few other nice features. Play around. Just do it on your own gear so you don't get into trouble.

    http://ettercap.sourceforge.net/

    http://www.sns.ias.edu/~jns/security/hunt_README
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
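
Added example, not part of any post in this thread: the ARP spoofing described in post #4 shows up on the wire as one MAC address answering for several IPs and as an IP changing its MAC, so a defender can flag it from captured ARP frames. The 192.168.0.x subnet, the MAC addresses and the function names below are constructed assumptions.

```python
import socket
import struct

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":       # EtherType ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def find_arp_anomalies(frames):
    """Flag IPs whose MAC changes and MACs that answer for several IPs."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[1] == "0.0.0.0":         # skip non-ARP and ARP probes
            continue
        mac, ip = parsed
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("rebind", ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips.setdefault(mac, set()).add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("multi", mac, sorted(ips)))
    return alerts

def sample_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build one constructed ARP reply frame (sample data only, never sent)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += raw(sender_mac) + socket.inet_aton(sender_ip)
    arp += raw(target_mac) + socket.inet_aton(target_ip)
    return raw(target_mac) + raw(sender_mac) + b"\x08\x06" + arp

# Constructed addresses: the 192.168.0.x subnet and all MACs are assumptions.
ROUTER, DESKTOP, LAPTOP = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"
SAMPLE_FRAMES = [
    sample_reply(ROUTER, "192.168.0.1", DESKTOP, "192.168.0.2"),
    sample_reply(DESKTOP, "192.168.0.2", ROUTER, "192.168.0.1"),
    sample_reply(LAPTOP, "192.168.0.3", ROUTER, "192.168.0.1"),
    # From here the laptop's MAC answers for the router and the desktop as well.
    sample_reply(LAPTOP, "192.168.0.1", DESKTOP, "192.168.0.2"),
    sample_reply(LAPTOP, "192.168.0.2", ROUTER, "192.168.0.1"),
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_FRAMES):
        print(alert)
```

A "rebind" alert can also come from a legitimate DHCP reassignment or a replaced network card, so treat a hit as a lead to check against the known router MAC rather than as proof.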

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    What phishphreek80 said is correct. You could also use a tool like ARPToxin with Ethereal as well:

    http://www.phrite.net/default.php?page=tools&id=1

    Give it a shot.

    By the way, I see no way in which your post would be against the rules.

  6. #6
    Senior Member
    Join Date
    May 2002
    Posts
    256
    AWESOME! See, I knew this was the place to ask. Y'all rock. Bluelight special on greens.

  7. #7
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    You can try DSniff, it's a great tool.
