2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
As we all know, Kali Linux provides a large number of security tools, each with a different function (roughly divided into 12 categories; see Baidu Encyclopedia).
Enjoy a wave of Kali Linux
Getting to the point (I almost digressed): today's topic is intranet sniffing.
Ettercap: ettercap is a complete suite of man-in-the-middle tools. It features sniffing of live connections, on-the-fly content filtering, and other interesting techniques. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Enable IP forwarding (otherwise the victim will not be able to access the Internet)
If the value is 1, forwarding is already turned on (I won't say much about it).
ettercap -G launches the graphical interface
You can also start it as shown in the picture.
Click the Sniff tab, click Unified sniffing
Select the network interface (eth0 is wired, wlan0 is wireless)
Click the Hosts tab --> Scan for hosts. The scan is very quick, and Ettercap lists all the Class C addresses on the network --> click the Hosts tab and then Hosts list to view them (see figure).
Click 192.168.1.102 (IP) to add to Target 1, and click 192.168.1.1 (gateway address) to add to Target 2
Set up the man-in-the-middle: Mitm -> Arp poisoning... -> Sniff remote connections
Check the number to confirm.
Start -> Start sniffing to begin listening
Click View -> Connections to view the connections (see figure)
Command line mode
ettercap -T -q -i wlan0 -M arp:remote /192.168.1.102/ /192.168.1.1/
How to use ettercap. The parameters in detail:
-P use plug-ins
-T use the text-based interface
-q quiet mode (no echo)
-M start a man-in-the-middle method (here, ARP spoofing)
/192.168.1.102/ is the target host; the second, /192.168.1.1/, is the gateway IP
ettercap -i wlan0 -Tq -M arp:remote /192.168.1.100-253/ /192.168.1.1/
The first IP address specification is the target being spoofed, and the second is the gateway. Either can be left empty, which means all hosts are spoofed.
Arpspoof: we keep sending ARP replies to the victim's computer, telling it that the IP address of the gateway machine (router) belongs to our MAC address. After a while, the victim's computer trusts us and stores the wrong entry in its ARP cache. The next time the victim wants to send an IP packet to the gateway, it sends the Ethernet frame to our MAC address, so we actually receive the packet and forward it just as the gateway would.
To tell the victim host that the gateway's IP now belongs to us (our MAC address), enter the following command:
# arpspoof -t victim gateway
In a separate shell, we run the command that deceives the gateway into believing that we are the victim.
# arpspoof -t gateway victim
You can now see all traffic between the victim host and the external network passing through your host.
arpspoof -i eth0 -t 192.168.1.1 192.168.1.102
-i
Specify which network interface of the machine to use; you can use the ifconfig command to list the machine's interfaces.
-c
own|host|both
-t
Specify the target of the ARP spoofing
-r
host
The host whose communication with the target machine you want to intercept; it is usually the gateway.
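Seen from the monitoring side, the two-way spoofing described above leaves a recognisable trace in ARP traffic: an IP address whose MAC binding changes, and a single MAC address asserting both the gateway's and the host's IP. The following Python example is added here and is not part of the original article; the function names are illustrative, and the MAC addresses and frames are constructed sample data.

```python
import struct
from collections import defaultdict
def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[22:28]), _ip(frame[28:32])

def detect(frames):
    """Flag IP->MAC bindings that change and single MACs that claim several IPs."""
    first_seen = {}                    # ip -> first MAC observed (baseline)
    claimed = defaultdict(set)         # mac -> set of IPs it has asserted
    alerts = []
    for frame in frames:
        rec = parse_arp(frame)
        if rec is None:
            continue
        _, smac, sip = rec
        base = first_seen.setdefault(sip, smac)
        if base != smac:
            alerts.append(("binding-changed", sip, base, smac))
        if sip not in claimed[smac]:
            claimed[smac].add(sip)
            if len(claimed[smac]) > 1:
                alerts.append(("one-mac-many-ips", smac, tuple(sorted(claimed[smac]))))
    return alerts

def build_reply(src_mac, src_ip, dst_mac, dst_ip):  # helper for the constructed sample
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda s: bytes(int(o) for o in s.split("."))
    return (h(dst_mac) + h(src_mac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + h(src_mac) + a(src_ip) + h(dst_mac) + a(dst_ip))

# Constructed sample: MAC addresses are made up; the IPs are the ones used on this page.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:66", "02:00:00:00:00:99"
SAMPLE = [
    build_reply(GW, "192.168.1.1", HOST, "192.168.1.102"),      # genuine gateway reply
    build_reply(HOST, "192.168.1.102", GW, "192.168.1.1"),      # genuine host reply
    build_reply(OTHER, "192.168.1.1", HOST, "192.168.1.102"),   # forged: gateway IP, third MAC
    build_reply(OTHER, "192.168.1.102", GW, "192.168.1.1"),     # forged: host IP, same third MAC
]

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

Multi-homed hosts, proxy ARP and DHCP lease changes can also trip these checks, so the alerts are leads to investigate. On managed switches, DHCP snooping combined with Dynamic ARP Inspection drops forged replies before they reach a host's ARP cache.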
Driftnet: a simple and practical image capture tool that extracts pictures from network packets. It can capture pictures from the specified traffic either in real time or offline.
Parameters: -b beep when a new picture is captured
-i interface select the listening interface
-f file read pictures from the specified pcap capture file
-p do not put the listening interface into promiscuous mode
-a background mode: save the captured pictures to a directory (they are not displayed on screen)
-m number specify the number of pictures saved
-d directory specify the path where pictures are saved
-x prefix specify the filename prefix for saved pictures
Real-time monitoring: driftnet -i eth0 (see figure)
These are the captured pictures; click one to save it to the local /root directory.
Urlsnarf: Urlsnarf works like the other sniffer programs in this toolkit, but it targets web URLs. It stores every URL it sniffs from HTTP traffic in a log file that can be analyzed later. It is the easiest way to see what is being browsed on the local area network (no official website found).
The parameters are shown in the figure. If you read it, you should understand it.
And two packet capture tools
Wireshark: Wireshark (formerly known as Ethereal) is network packet analysis software. Its function is to capture network packets and display packet information in as much detail as possible, which can expose cookies and unencrypted plaintext passwords.
Just type the command and it starts.
Click Capture in the middle, select wlan0, and then click Start to begin capturing.
There are many other tools for the intranet; I won't cover them here.