Hello
I'm looking for a lan sniffer that can find out passwords out of the network...
Prefer me sniffers that you sure they work and you've tested it.. 10x
Full Version: What Is The Best Lan Sniffer?
Ettercap is amazingly good and very scary as to how much information it picks up. It's good in LAN setup but can be noisy (lots of ARP broadcasts). It does a MITM/Hijack as well as other "features".
Otherwise, old fashioned tcpdump does the trick for me.
Otherwise, old fashioned tcpdump does the trick for me.
Another oldie but a goodie is Cain and Able.
I'm going to definitely agree with Cain and Abel. Especially if you are on a network with Windows machines, its great cuz it will sniff out the Lanman and NTLM hashes to be cracked.
Small note for ppl on broadband.
Many ppl use the modem placed there by their isp to which the ethernet card connects. One of the most popular ones are the cybersurfr wave modems by motorola. Problem with using packet sniffers is that the modem does not act like a bridge.
Here is a slightly more technical explanation:
Many ppl use the modem placed there by their isp to which the ethernet card connects. One of the most popular ones are the cybersurfr wave modems by motorola. Problem with using packet sniffers is that the modem does not act like a bridge.
Here is a slightly more technical explanation:
| CODE |
| The CyberSurfr system does not operate like conventional CableModems. It's not a bridge device. Motorola uses a propreiatary protocol to connect each modem to the router in a method that's a lot like ATM's concept of PVC's -- Private Virtual Circuits. Other people's data is there but you can't see it because it's in their session with the CMTS, not yours. Even if you found a way to see it, it's 40 bit encrypted, which ain't great, but it's sure going to stop the average 15 year old hacker. The only traffic you will be able to see that's not SPECIFICALLY destined to you is traffic broadcast by the CMTS to all subscribers (usually an ARP broadcast). You CANNOT see traffic unicast or broadcast from any other subscriber. |
So you wont be sniffing anything useful. Of course its -possible- to bypass it but for ppl with an average know how its just not worth it.
Just keep this in mind if you dont get the desired results...
what is the OS where you want sniff ?
Windows => Ethereal is very good
Linux => I like Dsniff
Like say OneNight sniffing all packets is very difficult with the last network hardware who secure connexions in a network
But it s work with some research and test 
Windows => Ethereal is very good
Linux => I like Dsniff
Like say OneNight sniffing all packets is very difficult with the last network hardware who secure connexions in a network
But it s work with some research and test
For windows I like Eeye IRIS, with iris it's easy to sniff e-mail, web etc. with really good GUI
Commview is my favorate.
Cain and able are "password sniffers" not a real sniffer.
Cain and able are "password sniffers" not a real sniffer.
yes iris is very easy to use and very good GUI interface
Great tool, it s true
Great tool, it s true
i love ettercap 
, really great as MsMittens already said! (she always says good stuff )
, really great as MsMittens already said! (she always says good stuff )
i use trying Eeye iris but latley been feeling that it isnt working as well as it should.
IRIS > *
well, there are a lot of them, for example:
ps. i like Cain & Abel and its my favorite. Also ettercap is a good one too.
Analyzer
Description
Packet Analyzer for Windows NT. Takes snapshots of ethernet traffic; adjustable buffer and filter; output written to file and screen.
Buttsniff-0_9_3
Description
BUTTSniff plugin for Back Orifice. Updated version
Packet Sniffer 2
Description
Packet Sniffer 2.0 - Nice free packet sniffer for Win32.
Winsniffer 1.1
Description
Winsniffer is a packet sniffer for the Windows console designed to be effecient and flexible. Screenshot available here. This is a trial version. Homepage: http://winsniff.hypermart.net.
Also good programs for sniffers:
Rnbtname
Description
Rnbtname.exe does the reverse - it takes the mangle and converts it back into a NetBIOS name - perfect for sniffers.
Vpacket
Description
How to make your own sniffers for windows.
Enjoy the info and good luck with it
ps. i like Cain & Abel and its my favorite. Also ettercap is a good one too.
Analyzer
Description
Packet Analyzer for Windows NT. Takes snapshots of ethernet traffic; adjustable buffer and filter; output written to file and screen.
Buttsniff-0_9_3
Description
BUTTSniff plugin for Back Orifice. Updated version
Packet Sniffer 2
Description
Packet Sniffer 2.0 - Nice free packet sniffer for Win32.
Winsniffer 1.1
Description
Winsniffer is a packet sniffer for the Windows console designed to be effecient and flexible. Screenshot available here. This is a trial version. Homepage: http://winsniff.hypermart.net.
Also good programs for sniffers:
Rnbtname
Description
Rnbtname.exe does the reverse - it takes the mangle and converts it back into a NetBIOS name - perfect for sniffers.
Vpacket
Description
How to make your own sniffers for windows.
Enjoy the info
and good luck with it
just a question for you guys...
maybe a dumb one but I was wondering if...
When you do some packet sniffing on a lan...
is it detectable...?
and how?
maybe a dumb one but I was wondering if...
When you do some packet sniffing on a lan...
is it detectable...?
and how?
Yes and no. Depends on the tool. Passive tools like TCPDump are pretty undetectible because they are just that. Passive. They listen like an eavesdropper on the phone.
Active tools like Ettercap, which do MITM techniques and use massive arp broadcasts, can be detected online (if used in their password collection state). So tools that actively go in search of hosts to monitor would be detectable. I can usually figure out ettercap usage (my students do play with it a lot in the wargames I run in class) by firing up tcpdump and watching for massive broadcast arp requests.
Active tools like Ettercap, which do MITM techniques and use massive arp broadcasts, can be detected online (if used in their password collection state). So tools that actively go in search of hosts to monitor would be detectable. I can usually figure out ettercap usage (my students do play with it a lot in the wargames I run in class) by firing up tcpdump and watching for massive broadcast arp requests.
| QUOTE (predx @ Mar 29 2004, 08:24 AM) |
| i use trying Eeye iris but latley been feeling that it isnt working as well as it should. |
I am also a big fan of Iris. But I have found it has 2 problems.
- Cost! (holy moly is it expensive)
- High Requirments (You need a bulky machine when running it on a heavy usage network)
If you don't the box will drop packets or just lock up.
I have heard that it is possible to find computers running in promiscuous mode by sending a specially crafted packet (ping perhaps) with that machine's real ip, but a spoofed MAC address. If you get a response, it's sniffing.
hi mates, need a lot of help!
i have discovered a lan full of terminal servers , but with my user a can only logon to one specific server...
is there a way to scan all the terminal services in lan?
to get the administrator pass of whole network or different users of the terminal servers??
plz. help as fast as u can!
i have discovered a lan full of terminal servers , but with my user a can only logon to one specific server...
is there a way to scan all the terminal services in lan?
to get the administrator pass of whole network or different users of the terminal servers??
plz. help as fast as u can!
think u choose the wrong way to ask that question m8. dont think noones gonna help u hack like that
why ? my english is as worse (i know)
but I´m only serching for a way to lookup the passes of the terminal servers
on a specific lan plz . help
but I´m only serching for a way to lookup the passes of the terminal servers
on a specific lan plz . help
well, i use the cain and i say that is very good proggie
but i have "problem" eith the mail passwords.my school has mail server and i can take the passes mery easy.but when i client use yahoo or hotmail what can i do?is there any program to take that passes?
thanks
but i have "problem" eith the mail passwords.my school has mail server and i can take the passes mery easy.but when i client use yahoo or hotmail what can i do?is there any program to take that passes?
thanks
My choice is dsniff
can these applications detected by IDS? ettercap, ethereal, abel, and etc. and which cant be detected by IDS?
Im doing a project on snort auto-config IPTABLE
if there's any recommendation please tell me. Thx in advance
Im doing a project on snort auto-config IPTABLE
if there's any recommendation please tell me. Thx in advance
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
