ARP Poisoning with Ettercap

Network Sniffing
◾ 
151
Step 3
—Next, click on “Host List” at the top and click on “Scan for host.” It will scan the whole 
network for all live hosts.
Step 4—
Once the scan is complete, from the hosts menu, click on “Hosts List.” It will display 
all the hosts that it has found within your network.
Step 5
—Next, we need to choose our targets. In this case, I would like to perform sniffing 
between my victim host running Windows XP machine on 192.168.75.142 and our default 
gateway 192.168.75.2. We will add 192.168.75.142 to target 1 and add 192.168.75.2 to 
target 2.
Step 6
—Next click on the “MITM” tab at the top and click on “ARP Poisoning” and then click 
“Ok” to launch the attack.
Step 7
—From the following screenshot, you can see that we are capturing all the traffic going 
to and from the default gateway and the victim.

152
◾ 
Ethical Hacking and Penetration Testing Guide
Step 8
—Finally click on “Start sniffing,” and it will start sniffing the traffic. We can check if ARP 
cache has been successfully poisoned by using the “
chk _ poison
” plug-in from Ettercap.
To use this plug-in, click on the plug-ins menu at the top, and it will display several plug-ins:
Just double-click on the “
chk _ poison
” plug-in, and it will tell you if poison is successful. 
It will show you the following output:
Next, we can use Wireshark to capture all the traffic between the victim’s machine and the 
default gateway like we did earlier.
We can also launch a denial-of-service attack, which I talked about earlier, by using the 
“
dos _ attack
” plug-in. Another interesting plug-in is “
auto _ add
,” which will automati-
cally add any new targets it finds on your network.

Yüklə 22,44 Mb.

Dostları ilə paylaş: