Sniffing ?

fUSiON

Sep 14 2003, 02:47 PM

Hi all,
Does anybody know how to sniff with changed MAC adress ?, are there better ways ?? Do i need tools like ethereal for sniffing someone with changed mac adress..
I use winxp, so if someone got nice tools i would thank ya much

..

ThX
Sorry for my bad english..

optikphase

Sep 14 2003, 06:06 PM

You can try Ettercap. It's a pretty good tool for mac spoofing and mitm (man in the middle) attacks. It also has several other great uses, but ya gotta RTFM.

[QUOTE] Don't fear me, fear you, for you are the reason I do what I do.

t0bban

Sep 15 2003, 09:18 AM

QUOTE (fUSiON @ Sep 14 2003, 02:47 PM)

Hi all,
Does anybody know how to sniff with changed MAC adress ?, are there better ways ?? Do i need tools like ethereal for sniffing someone with changed mac adress..
I use winxp, so if someone got nice tools i would thank ya much

..

ThX
Sorry for my bad english..

I'm not sure about the sniffing part, but "Cain and Abel" has the functionality of spoofing the MAC adress, dunno if it's spoofing ARP Poisoning what :-)

Try it out, read the manual, it's bloody awesome.

Dillinja

Sep 15 2003, 09:38 AM

Very good paper on ARP poisoning on the front page of this site. Im doing a paper on the same subject at the moment too.

Ettercap is definatly an excellent tool...its been uploaded here too...check out file d/l section!

t0bban

Sep 15 2003, 02:37 PM

QUOTE (Dillinja @ Sep 15 2003, 09:38 AM)

Very good paper on ARP poisoning on the front page of this site. Im doing a paper on the same subject at the moment too.

Ettercap is definatly an excellent tool...its been uploaded here too...check out file d/l section!

I'd like to see your paper on that later Dill.

ComSec

Sep 16 2003, 12:29 PM

Cain & abel will sniff and spoof also from the same crew is sTerm

sTerm is a Telnet client with a unique feature. It can establish an entire bi-directional Telnet session to a target host never sending your real IP and MAC addresses in any packet. By using "ARP Poisoning", "MAC Spoofing" and "IP Spoofing" techniques sTerm can effectively bypass ACLs, Firewall rules and IP restrictions on servers and network devices. the connection will be done impersonating a Trusted Host.

http://www.oxid.it/sterm.html

t0bban

Sep 16 2003, 01:52 PM

QUOTE (ComSec @ Sep 16 2003, 12:29 PM)

Cain & abel will sniff and spoof also from the same crew is sTerm

sTerm is a Telnet client with a unique feature. It can establish an entire bi-directional Telnet session to a target host never sending your real IP and MAC addresses in any packet. By using "ARP Poisoning", "MAC Spoofing" and "IP Spoofing" techniques sTerm can effectively bypass ACLs, Firewall rules and IP restrictions on servers and network devices. the connection will be done impersonating a Trusted Host.

http://www.oxid.it/sterm.html

Thanks for the advice ComSec.
I'll look into that one aswell.
I love the spoofing stuff.
While on to spoofing, anyone know if it's possible to spoof your IP when visiting HTTP pages or generally spoofing your IP at all?

Instead of using proxys that is.

ComSec

Sep 17 2003, 01:09 AM

QUOTE

anyone know if it's possible to spoof your IP when visiting HTTP pages

yeah t0bban...here is a program from a friend of mine from deny Wolfman

Zspoof- Http Refferer Spoofer

see tools section....

http://wolfman.deny.de/

Dillinja

Sep 17 2003, 09:45 AM

QUOTE (t0bban @ Sep 15 2003, 03:37 PM)

QUOTE (Dillinja @ Sep 15 2003, 09:38 AM)

Very good paper on ARP poisoning on the front page of this site. Im doing a paper on the same subject at the moment too.

Ettercap is definatly an excellent tool...its been uploaded here too...check out file d/l section!

I'd like to see your paper on that later Dill.

Posted it up yesterday mate!

http://forums.governmentsecurity.org/index...t=0&#entry13097