Ettercap Wifi Sniffing Tutorial (Page 2 of 2)

Article by Dylan Turpin (457 pts), published Apr 29, 2009

The Fun Begins

We'll only be able to sniff a network on the same subnet as us. The netmask is usually 255.255.255.0, so click on Options >> Set Netmask and enter the netmask of your network. Now let's start sniffing. Click Sniff >> Unified Sniffing and enter the network interface you want to use. If you don't know which interface to use, try the default value, and if that doesn't work, run 'ifconfig' and 'iwconfig' and check which wireless devices are in use.

Now we need to scout for hosts on the network. Click on Hosts >> Scan for hosts and wait for it to finish. Then click Hosts >> Host List. This will display a list of hosts. Now you need to define targets for the MITM attack. The router should be added to Target 1 and any other hosts you want to ARP poison should be added to Target 2. This is done by clicking on the host then clicking on either Target 1 or Target 2.

Once you've defined your hosts, we need to ARP poison them before we start sniffing. As previously stated, this is done by spamming ARP responses that say the router's IP address belongs to our physical address (MAC address). Click on Mitm >> Arp poisoning... to begin. In the next dialogue be sure to check Sniff Remote Connections (or we won't be able to), then click OK.

Now we can start sniffing. Click Start >> Start sniffing to begin.

Now what?

As soon as someone enters a username and password for almost any online service (think gmail, msn, icq, irc, ssh, to name just a few) it will appear in Ettercap's output window (at the bottom). If nothing appears, then either something was configured wrong (did you check 'Sniff remote connections'?) or nobody's accessing any services.

Protect Yourself

What can you do to protect yourself the next time you're in a cafe or on any wireless network?

The best thing you can possibly do is to not access any password-protected accounts when you think there is ANY chance someone could intercept your traffic. The next best thing is to access only services that use HTTPS, which encrypts traffic between a user and a server. There are workarounds for attackers to decrypt your HTTPS sessions, but it will probably be more trouble than they're willing to go to.
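The ARP poisoning described earlier leaves a trace in the victim's own ARP cache, which gives one more way to check a network. The Python below is an added example, not part of the original article: it parses a table in Linux /proc/net/arp layout and flags a gateway whose MAC is shared with another host or differs from a baseline recorded earlier. The sample table, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp layout: the gateway (192.168.1.1) and
# host 192.168.1.66 resolve to the same MAC, as they can under ARP poisoning.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         de:ad:be:ef:00:66     *        wlan0
192.168.1.20     0x1         0x2         00:1c:b3:aa:bb:20     *        wlan0
192.168.1.66     0x1         0x2         de:ad:be:ef:00:66     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for complete entries, skipping the header row."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flag bit 0x2 means the entry is complete; unresolved ones are all-zero.
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            entries[ip] = mac
    return entries

def find_arp_anomalies(entries, gateway_ip, known_gateway_mac=None):
    """Return alert strings for signs of ARP poisoning in a parsed table."""
    alerts = []
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    # One MAC answering for the gateway and for another host: the poisoning
    # machine's real entry often sits beside the forged gateway entry.
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            others = sorted(set(ips) - {gateway_ip})
            alerts.append(f"gateway {gateway_ip} shares MAC {mac} with {others}")
    # Gateway MAC differs from a baseline noted on a connection you trust.
    current = entries.get(gateway_ip)
    if known_gateway_mac and current and current != known_gateway_mac.lower():
        alerts.append(f"gateway {gateway_ip} MAC changed: "
                      f"{known_gateway_mac.lower()} -> {current}")
    return alerts

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for alert in find_arp_anomalies(table, "192.168.1.1", "00:1c:b3:aa:bb:01"):
        print("ALERT:", alert)
```

On a real Linux machine, pass the contents of /proc/net/arp and your own gateway address in place of the constructed sample.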

This is the simplest feature Ettercap has. Through the use of plugins like dns_spoof it can become a far more invasive tool. Expect a tutorial on that, and more tips to protect yourself against MITM attacks, soon!

More Tutorials!

If you enjoyed this article, be sure to check out Bright Hub's Ettercap DNS Redirection, WIFI WEP Cracking and Wireshark Sniffing tutorials!

Comments

Nov 14, 2009 8:50 PM
Paul
wpa
Hi, nice tut :). Just one question: is there any way to set a WPA key instead of WEP in Ettercap?

thanks
Sep 11, 2009 10:22 PM
Ben
HTTPS/SSL
Nice tutorial mate. I couldn't believe it when I read the last paragraphs then checked the date it was posted though...

Ettercap has been capable of sniffing HTTPS usernames and passwords for years. It uses a fake certificate that's easy to spot when visiting 'important' sites like online banking etc. There are two lines you need to uncomment in Ettercap's config file.

So, don't accept new certificates ('add exception' in Firefox) without reading them!