Network Traffic Sniffing Tutorial

Apr 25, 2025

Tutorial on Network Traffic Sniffing using Ettercap and Wireshark

Introduction

  • Objective: Demonstrate how to capture network traffic using Ettercap and Wireshark to perform a man-in-the-middle (MITM) attack.
  • Scope: Capture traffic from other computers, not just your own.
  • Context: Useful for internal penetration testing.

Tools Overview

Ettercap

  • Purpose: Versatile tool for network security.
  • Uses: Man-in-the-middle attacks, network sniffing, protocol dissection.

Wireshark

  • Purpose: Powerful packet analyzer.
  • Uses: Capture and scrutinize network data.

Man-in-the-Middle Attack

  • Phase: The presenter considers it part of the reconnaissance phase.
  • Method: Attack routing tables within the routing domain to collect data aggressively.

Demonstration of Attack

  • Setup:
    • Cyrix level 3 server as the target.
    • Clone of Kali Linux as the victim box.
  • Tools Used: Ettercap and Wireshark via the eth0 network interface.
  • Execution:
    • Start Ettercap in graphical interface mode.
    • Capture DHCP traffic and other broadcasts.
    • On the victim box, attempt to log into the Cyrix server with fake credentials.
  • Outcome:
    • Ettercap captures username and password fields.
    • Wireshark confirms the capture.

Post-Attack Analysis

  • Wireshark Usage:
    • Used for passive information gathering.
    • Use statistics to identify communication endpoints.
    • Analyze packets and apply filters to focus on specific protocols or hosts.
  • Value: Identifies high-value targets and maps internal network configurations more accurately.
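
An added example (not from the tutorial): the tally behind the endpoint statistics mentioned above, computed in Python over a constructed in-memory pcap. The helper names and the 192.0.2.0/24 documentation addresses are assumptions made for illustration.

```python
import struct
from collections import Counter

def build_pcap(frames):
    """Constructed sample capture: classic pcap, little-endian, Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def ipv4_frame(src, dst, payload_len):
    """Constructed Ethernet + IPv4 frame (MACs and checksum zeroed, never validated)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def endpoint_stats(pcap):
    """Return (bytes seen per address, packets per unordered address pair)."""
    magic, network = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or network != 1:
        raise ValueError("example handles little-endian classic pcap with Ethernet only")
    bytes_by_host, pkts_by_pair = Counter(), Counter()
    off = 24  # first record header follows the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Skip truncated frames and anything that is not IPv4 (ARP, IPv6, ...).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        for host in (src, dst):
            bytes_by_host[host] += len(frame)
        pkts_by_pair[tuple(sorted((src, dst)))] += 1
    return bytes_by_host, pkts_by_pair

# Constructed traffic for illustration; not taken from the video.
SAMPLE = build_pcap([
    ipv4_frame("192.0.2.10", "192.0.2.50", 100),
    ipv4_frame("192.0.2.50", "192.0.2.10", 400),
    ipv4_frame("192.0.2.11", "192.0.2.50", 60),
    b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28,  # ARP broadcast, ignored by the tally
])

if __name__ == "__main__":
    hosts, pairs = endpoint_stats(SAMPLE)
    for host, n in hosts.most_common():
        print(f"{host:15} {n:6} bytes")
```

The address that most other hosts talk to, here 192.0.2.50, sorts to the top of the byte count.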

Ethical Considerations

  • Permission: Always have customer permission to conduct such attacks.
  • Guidelines: Adhere to ethical and legal standards.

Conclusion

  • Wrap-Up: Importance of responsible use of network sniffing tools.
  • Call to Action: Subscribe, join Discord for more discussion on pentesting.

  • Disclaimer: The tutorial is for ethical hacking and educational purposes only.