xclaw
Jul 19 2005, 05:02 AM
Greetings, I've just started playin with cain and the arp poisoning. Is there a way to have a msn gui sniffer work with arp poisoning and if so how?
myth
Jul 19 2005, 02:03 PM
OK, if I read you right - you want to capture what the person sees in the text messages??
I've never used C&A for ARP poisoning, so I'm not sure on its limitations, plugins, whatnot... But what you're wanting is something like the Ethereal packet sniffer...
Start poisoning the test PCs, then fire up Ethereal - Ethereal is extremely powerful with its filtering possibilities, so you can end up checking each packet for MSN's 'PRIVMSG' equiv. data that tells the GUI that this is a message from this user and just display that information...
Once the sniffer and poisoning are underway, go to the other PCs or VMware images or however you're doing it, and start a conversation between yourself and another person, put in code like TESTAABBTEST then stop the sniffer. Go back to your Ethereal packets, and find the ones with that string in there. The new Ethereal can follow streams so it makes your life a little easier.
From those Ethereal logs, you can make custom filters to only display those packets, then screen those packets for just the data of the conversation - that can be done with a little programming or googling for another skiddie script that most users have no idea what it's doing - which is the worst way of learning - if you're interested in that, sorry for wasting my time.
I quite enjoy reading packet logs, figuring out what packet did what, should look into it.
boshcash
Jul 19 2005, 07:26 PM
u could use cain as an arp poisoning tool then get any msn sniffer available and run it, u will see the conversations .. u may see the messages repeated more than once ..
xclaw
Jul 20 2005, 01:44 AM
Thanks for the replies. Yes I've just started playing with Ethereal so I'll figure out the filters soon enough. Checking out the packets and seeing what exactly is goin on is pretty interesting.
Now I think I have a problem with the arp poisoning, I am able to view conversations from the target pc to test pc but when the target is chatting to someone not on the network the messages cannot be viewed. I'm using some generic msn gui sniffer (that shows you the conversations almost in realtime msn style), I'll try to locate links if needed.
Am I doin something wrong or would I not be able to see this? I believe I'm doin the arp poisoning properly because Cain is able to capture some passwords etc. etc. but I probably don't know enough atm to help much more.

I'll keep reading and learning but any info you might have is appreciated.
Thanks
setthesun
Jul 20 2005, 01:49 AM
There are some msn specific sniffers you can check out from majorgeeks or a similar website
xclaw
Jul 20 2005, 02:15 AM
MSN Sniffers I'm using/playing with
http://www.awinsoft.com/msnmonitor.htm and
http://www.effetech.com/msn-sniffer/
Both seem to work fine and I'm not 100% sure about how great these appz really are from a technical standpoint, they seem pretty noobish but atm it's perfect for me.
ComSec
Jul 20 2005, 03:55 AM
This is one reason to make sure your chat client has a chat encryption feature like Trillian Pro's for instance
you just never know who's listening
w00dy
Jul 20 2005, 05:13 AM
There is also an old DOS-based app called ettercap that works well for sniffing IM communication.
ComSec - AIM supports SSL Certs now