UnDeRTaKeR
Hello
I'm looking for a LAN sniffer that can find out passwords on the network...
Please recommend sniffers that you are sure work and that you've tested. 10x
MsMittens
Ettercap is amazingly good and very scary as to how much information it picks up. It's good in a LAN setup but can be noisy (lots of ARP broadcasts). It does a MITM/Hijack as well as other "features".

Otherwise, old fashioned tcpdump does the trick for me.
SgtRush
Another oldie but a goodie is Cain and Abel.
SyN/AcK
I'm going to definitely agree with Cain and Abel. Especially if you are on a network with Windows machines, it's great cuz it will sniff out the Lanman and NTLM hashes to be cracked.
OneNight
Small note for ppl on broadband.

Many ppl use the modem placed there by their ISP, to which the Ethernet card connects. One of the most popular ones is the CyberSurfr Wave modem by Motorola. The problem with using packet sniffers is that the modem does not act like a bridge.

Here is a slightly more technical explanation:
CODE
The CyberSurfr system does not operate like conventional CableModems.
It's not a bridge device. Motorola uses a proprietary protocol to
connect each modem to the router in a method that's a lot like ATM's
concept of PVC's -- Private Virtual Circuits. Other people's data is
there but you can't see it because it's in their session with the CMTS,
not yours. Even if you found a way to see it, it's 40 bit encrypted,
which ain't great, but it's sure going to stop the average 15 year old
hacker.

The only traffic you will be able to see that's not SPECIFICALLY
destined to you is traffic broadcast by the CMTS to all subscribers
(usually an ARP broadcast). You CANNOT see traffic unicast or broadcast
from any other subscriber.


So you won't be sniffing anything useful. Of course it's -possible- to bypass it but for ppl with an average know how it's just not worth it.

Just keep this in mind if you don't get the desired results...
Pro21
What is the OS where you want to sniff?

Windows => Ethereal is very good
Linux => I like Dsniff

As OneNight says, sniffing all packets is very difficult with the latest network hardware, which secures connections in a network. But it works with some research and testing.
setthesun
For Windows I like eEye Iris. With Iris it's easy to sniff e-mail, web etc., with a really good GUI.
muts
Commview is my favorite.

Cain and Abel are "password sniffers", not a real sniffer.
Pro21
Yes, Iris is very easy to use and has a very good GUI interface.
Great tool, it's true.
fuze
I love ettercap, really great as MsMittens already said! (she always says good stuff)
predx
I use trying eEye Iris but lately been feeling that it isn't working as well as it should.
technoboy
IRIS > *
Psychotec
well, there are a lot of them, for example:

PS. I like Cain & Abel and it's my favorite. Also ettercap is a good one too.

Analyzer

Description
Packet Analyzer for Windows NT. Takes snapshots of ethernet traffic; adjustable buffer and filter; output written to file and screen.



Buttsniff-0_9_3

Description
BUTTSniff plugin for Back Orifice. Updated version


Packet Sniffer 2

Description
Packet Sniffer 2.0 - Nice free packet sniffer for Win32.


Winsniffer 1.1

Description
Winsniffer is a packet sniffer for the Windows console designed to be efficient and flexible. Screenshot available here. This is a trial version. Homepage: http://winsniff.hypermart.net.


Also good programs for sniffers:


Rnbtname

Description
Rnbtname.exe does the reverse - it takes the mangle and converts it back into a NetBIOS name - perfect for sniffers.



Vpacket

Description
How to make your own sniffers for windows.


Enjoy the info and good luck with it
K0ZZM0
just a question for you guys...
maybe a dumb one but I was wondering if...
When you do some packet sniffing on a lan...
is it detectable...?
and how?
MsMittens
Yes and no. Depends on the tool. Passive tools like TCPDump are pretty undetectable because they are just that. Passive. They listen like an eavesdropper on the phone.

Active tools like Ettercap, which do MITM techniques and use massive arp broadcasts, can be detected online (if used in their password collection state). So tools that actively go in search of hosts to monitor would be detectable. I can usually figure out ettercap usage (my students do play with it a lot in the wargames I run in class) by firing up tcpdump and watching for massive broadcast arp requests.
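The check MsMittens describes, as an added example that is not part of the original thread: it reads tcpdump's one-line ARP output and flags any sender asking for many different addresses in a short window. The sample capture is constructed, and the function name, 5-second window and threshold of 10 are assumptions to tune per LAN.

```python
import re
from collections import defaultdict, deque

# tcpdump's default one-line ARP request output (captured without -e).
ARP_REQ = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d+) ARP, Request who-has (\S+)"
    r"(?: \([0-9a-f:]+\))? tell (\S+?),"
)

def find_arp_sweepers(lines, window=5.0, threshold=10):
    """Return {sender_ip: most distinct targets requested within `window` s}
    for senders reaching `threshold`. Both defaults are assumed values."""
    recent = defaultdict(deque)  # sender -> (time, target) pairs inside the window
    flagged = {}
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if not m:
            continue  # ARP replies and non-ARP traffic are ignored
        h, mi, s, frac, target, sender = m.groups()
        # Time of day in seconds; a capture spanning midnight is not handled.
        t = int(h) * 3600 + int(mi) * 60 + int(s) + float("0." + frac)
        q = recent[sender]
        q.append((t, target))
        while t - q[0][0] > window:
            q.popleft()
        distinct = len({tgt for _, tgt in q})
        if distinct >= threshold:
            flagged[sender] = max(flagged.get(sender, 0), distinct)
    return flagged

# Constructed sample capture: .66 asks for 20 addresses in 2 s,
# .10 resolves its gateway twice, and one reply line is mixed in.
SAMPLE = [
    f"10:15:{i // 10:02d}.{(i % 10) * 100000:06d} ARP, Request who-has "
    f"192.168.1.{i} tell 192.168.1.66, length 28"
    for i in range(1, 21)
] + [
    "10:15:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
    "10:15:03.000400 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28",
    "10:15:33.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
]

if __name__ == "__main__":
    for ip, n in find_arp_sweepers(SAMPLE).items():
        print(f"{ip} requested {n} distinct addresses within 5 s")
```

A host that legitimately resolves many neighbours (a gateway or a monitoring server) will also cross the threshold, so known infrastructure addresses are worth excluding before alerting.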
GSecur
QUOTE (predx @ Mar 29 2004, 08:24 AM)
I use trying eEye Iris but lately been feeling that it isn't working as well as it should.

I am also a big fan of Iris. But I have found it has 2 problems.
  • Cost! (holy moly is it expensive)
  • High Requirements (You need a bulky machine when running it on a heavy usage network)

If you don't, the box will drop packets or just lock up.
Richie
I have heard that it is possible to find computers running in promiscuous mode by sending a specially crafted packet (ping perhaps) with that machine's real ip, but a spoofed MAC address. If you get a response, it's sniffing.
hellraiza
hi mates, need a lot of help!
I have discovered a LAN full of terminal servers, but with my user I can only log on to one specific server...
is there a way to scan all the terminal services in lan?
to get the administrator pass of whole network or different users of the terminal servers??

plz. help as fast as u can!
Joc00
think u chose the wrong way to ask that question m8. don't think no one's gonna help u hack like that
hellraiza
Why? My English is as worse (I know)
but I'm only searching for a way to look up the passes of the terminal servers

on a specific lan plz . help
sam83
Well, I use Cain and I say that it is a very good proggie.
But I have a "problem" with the mail passwords. My school has a mail server and I can take the passes very easily. But when a client uses Yahoo or Hotmail, what can I do? Is there any program to take those passes?
Thanks
cobrac
My choice is dsniff
darksp1d3r
Can these applications be detected by IDS? ettercap, ethereal, abel, etc. And which can't be detected by IDS?


I'm doing a project on snort auto-config IPTABLE
If there's any recommendation please tell me. Thx in advance