Re: ettercap anyone?

Subject: Re: ettercap anyone?
From: Cdowns (cdowns@lifeatzero.com)
Date: Mon Dec 03 2001 - 17:33:55 MST

usually it would be under /usr/ports/ on BSD but seeing you are on MacOSx it
should still compile here is the link
http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=ngrep
grab version 1.37. You may have to tweek the Makefile I dont know. You wont
get a true test from the localhost as you will need another machine to test
your own.

Hope this helps

~>D

Reid Anderson wrote:

> and where would I find ngrep for OS X? (I realize it might not exist)
> The only sniffing I am doing so far is sniffing outgoing Instant
> Messages...
>
> On Monday, December 3, 2001, at 07:13 PM, Cdowns wrote:
>
> > this is the easy way with ngrep
> >
> > scumbag# ngrep -wiA2 'user|pass'
> > interface: xe0 (192.168.20.0/255.255.255.0)
> > match: ((^user|pass\W)|(\Wuser|pass$)|(\Wuser|pass\W))
> > #####
> > T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> > USER scumbag..
> > #
> > T 64.39.89.37:110 -> 192.168.20.118:3185 [A]
> > #
> > T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
> > +OK ..
> > #
> > T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> > PASS P71ZpXcr77d..
> > #
> > T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
> > +OK ..
> > #
> > T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> > STAT..
> > #######
> >
> > ~>D
> >
> >
> > Reid Anderson wrote:
> >
> >> using ettercap, I get told that I can't ARP myself! I would like to
> >> do
> >> this to myself before anyone else...
> >>
> >> On Monday, December 3, 2001, at 06:42 PM, Cdowns wrote:
> >>
> >>> all you have to do is select the src as the machine you want to grab (
> >>> password ) and then dest as the gateway and hit "a" (for APR becuase
> >>> you
> >>> will need to poison the ARP cache of both machines on the keyboard)
> >>> sit
> >>> back and wait. Cake walk. you could also use ngrep which will do this
> >>> very
> >>> easily.
> >>>
> >>> ~>D
> >>>
> >>> Reid Anderson wrote:
> >>>
> >>>> Has anyone used ettercap before? It is a packet sniffer that I am
> >>>> trying
> >>>> to use to prove to our silly College Email Admins that we need to use
> >>>> secure email passwords and that our web based email system is highly
> >>>> unsecure. I am trying to packet sniff my own machine first (it's a
> >>>> little more legal that way) and then I might just get the email
> >>>> admins
> >>>> password and send her a message from herself! Anyway, If anyone has
> >>>> used
> >>>> ettercap (or any other packet sniffer that might run under OS X),
> >>>> could
> >>>> you please tell me a little more about using it other than what it
> >>>> has
> >>>> in ettercap --help. I have been able to view thge html code being
> >>>> viewed by many people, but only within my own subnet 150.209.130.x
> >>>> but I
> >>>> would like to be able to see outside my subnet to the general domain
> >>>> 150.209.x.x. Any help would be greatly appreciated!
> >>>>
> >>>> Thanks
> >>>> Reid Anderson
> >>>> resander@cs.hamilton.edu
> >>>
> >

This archive was generated by hypermail 2a24 : Mon Dec 03 2001 - 17:56:13 MST