I am trying to learn arpspoof to sniff packets from our Test network. My intentions are honest and I am doing this exercise only for learning purpose.
I have installed dsniff 2.3 on a Linux Machine. The installation was done successfully. I am using libnids-1.18 and libnet-1.0.2a. These are old versions because the installation of dsniff fails with the latest version of libnids and libnet.
After that I did ARP spoofing so that all traffic from 192.168.16.25 (victim) is redirected to the attacker machine (192.168.16.251). This was done using the following command
I have enabled ip_forwarding on the attacker machine.
Then I tried to sniff username and passwords from the attacker machine using the following command.
dsniff -i eth0 -n -c
But dsniff was not able to sniff any username and password. Although there was traffic from the victim machine as the user (on victim machine) tried to login to a remote site using plain text.
On Tue, 14 Aug 2007, in the Usenet newsgroup comp.os.linux.security, in article , query.cdac@gmail.com wrote:
>I am trying to learn arpspoof to sniff packets from our Test network.
>My intentions are honest and I am doing this exercise only for
>learning purpose.
Uhuh. I'll say only that honorable use of that tool is extremely limited. Knowledgeable security/networking types can usually obtain the needed information without screwing up basic networking.
>I have installed dsniff 2.3 on a Linux Machine. The installation was
>done successfully.
>After that I did ARP spoofing so that all traffic from 192.168.16.25
>(victim) is redirected to the attacker machine (192.168.16.251).
>Then I tried to sniff username and passwords from the attacker machine
>using the following command.
>dsniff -i eth0 -n -c
>But dsniff was not able to sniff any username and password. Although
>there was traffic from the victim machine as the user (on victim
>machine) tried to login to a remote site using plain text.
OK - so the packet sniffing apparently is working. "tried to login to a remote site using plain text" using what service? telnet? ftp? pop3? some crappy web application? gopher?
What does a simple packet sniffer (tcpdump, ethereal, wireshark, or similar) show?
>Please guide me where I went wrong.
Possibly trying to run before you can walk. Start by learning the basics of packet sniffing, using one of the many common tools. Learn further the many protocols that are used. Also learn how networking devices like switches operate, and how they can affect packet sniffing.
Old guy