-
April 25th, 2005, 12:46 AM
#1
Packet Capture
I have been puzzled over the past few days as to why Caine/Abel can see packets from another IP (.0.2) on my same network, yet when running a packet capture tool (Ethereal etc) I can not see the .0.2 address at all. The only thing I can think of is that Cain does some ARP poisoning. I would like to capture the packets from the 0.2 machine and recreate them (to an extent). Any suggestions? The machine that I ran the capture tools on is a laptop connected wirelessly to the router. I tried both wired and wireless and they both fail to show any captured packets. Thanks
OS -XP Pro SP2 (laptop)
OS of desktop -XP Home SP2
Both have the firewall off.
Router is a Netgear wireless 802.11b
Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.
-
April 25th, 2005, 02:53 AM
#2
Senior Member
I think your post is against the Antionline rules.
But anyway, make sure that your network card is in promiscuous mode, and i belive that ethereal have a rule like "<from ip > <to ip>".
-
April 25th, 2005, 03:12 AM
#3
To my knowledge it is not against the rules, but if it is, please remove the post and let me know about it. I have yet to see a rule for that so if someone can shed some light on that with Ethereal, that would help. The card automatically gets placed into prom. mode.
Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.
-
April 25th, 2005, 03:13 AM
#4
Cain and Abel does do arp spoofing. Thats why you can see the traffic. If you use ethereal WHILE using Cain and Abel.. then ethereal will see the packets too.
If you are just using Ethereal and not both together... you'll only see the traffic destined to your PC. That is assuming that you are using a switch, and not a hub.
There are other tools that do this too. Look into hunt and ettercap.
Pretty nifty tools to play around with. You can hijack the traffic from one host and redirect it to a nonexisting host. That basically will cause a DoS against the legitimate host. Their traffic basically gets routed to nowhere.. Fun for practicle jokes... or to knock off my roomates PC because he is downloading so many torrents... I can't do anything on the net.
There are quite a few other nice features. Play around. Just do it on your own gear so you don't get into trouble.
http://ettercap.sourceforge.net/
http://www.sns.ias.edu/~jns/security/hunt_README
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
April 25th, 2005, 03:21 AM
#5
What phishphreek80 is correct. You could also use a tool like ARPToxin with Ethereal as well:
http://www.phrite.net/default.php?page=tools&id=1
give it a shot.
By the way, I see no way in which your post would be against the rules.
-
April 25th, 2005, 03:26 AM
#6
AWSOME! See, I knew this was the place to ask Yall rock. Bluelight special on greens
Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.
-
April 25th, 2005, 11:21 AM
#7
Senior Member
you can try DSniff, its a great tool
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|