Ettercap Wifi Sniffing Tutorial

Article by Dylan Turpin (457 pts), published Apr 29, 2009

One of the most common password attacks is a Man in the Middle (MITM) password sniffing attack. See how it's done and how you can protect yourself.

Introduction to Sniffing

One of the most common attacks on local networks, especially in cafes, is a man in the middle (MITM) attack. An attacker poses as the network's router through ARP poisoning and then captures or modifies packets. If the concept of ARP poisoning is completely new to you, I advise that you read up on it before continuing. In a nutshell, the attacker spams the network with packets saying that it has the IP address of the router. This means that when devices on the network want to send packets to the router, they will instead send them to the attacker. This gives the attacker two-way control: they can browse through whatever packets are sent to and from the router, and they can modify them. This tutorial focuses on the former.

Among the most interesting pieces of information in the packets the attacker intercepts are passwords. This tutorial will show you how to intercept these passwords using a wonderful program called Ettercap.

Starting Out With Ettercap

Note: This tutorial assumes you're using a Linux or Unix system (and you should be if you do anything involving security), as Ettercap's GUI is simplest to run under *nix systems.

The first thing you will need to do is download and install Ettercap. You can download it here. If you want an even easier way to run Ettercap (and an abundance of security programs), you should check out Backtrack - my favorite security distro.

Now let's start Ettercap!

ettercap -G

-G tells ettercap to run in its GTK GUI mode, which is the most useful for now.

If you're using Ettercap on a network with WEP key protection, you will have to use the -W option if you want to decrypt packets (you do).

ettercap -W key_length:string_or_passphrase:wep_key -G

where key_length is the length of the WEP key (64, 128 or 256), string_or_passphrase is p or s for a passphrase or string respectively and wep_key is the WEP key. An example run:

ettercap -W 128:p:b3b321e20a1865fed976337d82 -G

The GTK GUI for Ettercap should pop up.

[Screenshot: Ettercap main window]
