Re: ettercap anyone?


From: Reid Anderson (resander@cs.hamilton.edu)
Date: Mon Dec 03 2001 - 17:32:11 MST


And where would I find ngrep for OS X? (I realize it might not exist.)
The only sniffing I am doing so far is sniffing outgoing Instant Messages...

On Monday, December 3, 2001, at 07:13 PM, Cdowns wrote:

> this is the easy way with ngrep
>
> scumbag# ngrep -wiA2 'user|pass'
> interface: xe0 (192.168.20.0/255.255.255.0)
> match: ((^user|pass\W)|(\Wuser|pass$)|(\Wuser|pass\W))
> #####
> T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> USER scumbag..
> #
> T 64.39.89.37:110 -> 192.168.20.118:3185 [A]
> #
> T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
> +OK ..
> #
> T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> PASS P71ZpXcr77d..
> #
> T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
> +OK ..
> #
> T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> STAT..
> #######
>
> ~>D
>
>
> Reid Anderson wrote:
>
>> using ettercap, I get told that I can't ARP myself! I would like to do
>> this to myself before anyone else...
>>
>> On Monday, December 3, 2001, at 06:42 PM, Cdowns wrote:
>>
>>> all you have to do is select the src as the machine you want to grab
>>> (password) and then dest as the gateway and hit "a" (for APR because
>>> you will need to poison the ARP cache of both machines on the
>>> keyboard) sit back and wait. Cake walk. you could also use ngrep which
>>> will do this very easily.
>>>
>>> ~>D
>>>
>>> Reid Anderson wrote:
>>>
>>>> Has anyone used ettercap before? It is a packet sniffer that I am
>>>> trying to use to prove to our silly College Email Admins that we need
>>>> to use secure email passwords and that our web based email system is
>>>> highly unsecure. I am trying to packet sniff my own machine first
>>>> (it's a little more legal that way) and then I might just get the
>>>> email admin's password and send her a message from herself! Anyway,
>>>> if anyone has used ettercap (or any other packet sniffer that might
>>>> run under OS X), could you please tell me a little more about using
>>>> it other than what it has in ettercap --help. I have been able to
>>>> view the html code being viewed by many people, but only within my
>>>> own subnet 150.209.130.x but I would like to be able to see outside
>>>> my subnet to the general domain 150.209.x.x. Any help would be
>>>> greatly appreciated!
>>>>
>>>> Thanks
>>>> Reid Anderson
>>>> resander@cs.hamilton.edu
>>>
>
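
For the audit side of the ngrep capture quoted above, an added example (not part of the original thread): Python that reads ngrep output in that format and reports which client/server pairs send POP3 USER/PASS in cleartext on port 110, without retaining the password. The function name and the sample capture (documentation-range addresses, placeholder credentials) are constructed for illustration.

```python
import re

# Constructed sample in the ngrep output format quoted in the thread.
SAMPLE = """\
#####
T 192.0.2.10:3185 -> 198.51.100.5:110 [AP]
USER alice..
#
T 198.51.100.5:110 -> 192.0.2.10:3185 [AP]
+OK ..
#
T 192.0.2.10:3185 -> 198.51.100.5:110 [AP]
PASS example-secret..
#
T 192.0.2.11:4021 -> 198.51.100.5:995 [AP]
................
#
T 192.0.2.10:3185 -> 198.51.100.5:110 [AP]
STAT..
"""

# "T src:port -> dst:port [flags]" packet header line.
HEADER = re.compile(r"^T (\S+):(\d+) -> (\S+):(\d+) \[\w+\]")
# POP3 auth command; ngrep shows the trailing CRLF as dots.
AUTH = re.compile(r"^\s*(USER|PASS)\s+(\S+?)\.*$", re.IGNORECASE)


def find_cleartext_pop3(ngrep_text, pop3_port=110):
    """Map (client, server) -> {'user', 'password_seen'} for cleartext POP3 logins."""
    findings = {}
    flow = None  # set only while the current packet goes to the POP3 port
    for line in ngrep_text.splitlines():
        header = HEADER.match(line)
        if header:
            src, dst, dport = header.group(1), header.group(3), int(header.group(4))
            flow = (src, dst) if dport == pop3_port else None
            continue
        auth = AUTH.match(line)
        if flow and auth:
            entry = findings.setdefault(flow, {"user": None, "password_seen": False})
            if auth.group(1).upper() == "USER":
                entry["user"] = auth.group(2)
            else:
                entry["password_seen"] = True  # value deliberately not stored
    return findings


if __name__ == "__main__":
    for (client, server), info in find_cleartext_pop3(SAMPLE).items():
        print(f"{client} -> {server}: user={info['user']} "
              f"cleartext password sent={info['password_seen']}")
```
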



This archive was generated by hypermail 2a24 : Mon Dec 03 2001 - 17:47:21 MST