Published by Clarissa Jennings. Modified over 9 years ago.

The Main Event: Battle of the Sniffers

● The Champion – Ethereal: Network Analyzer
● The Challenger – Ettercap: Network Security Suite

A look at Ettercap
● Ettercap: Features
  – Packet Sniffing
    ● Unified Sniffing
    ● Bridged Sniffing
  – Logging
  – Real Time Data Views
    ● Live Connections / Man-in-the-Middle

A look at Ettercap
● Ettercap: Requirements
● Unix Based OS
● Windows NT/2000/Server 2003
● Libraries
  – libpcap 0.81 or higher
  – libnet 1.2.1.1 or higher
  – libpthread
  – zlib
  – Optional: GTK+, Ncurses, OpenSSL

A look at Ettercap
● Ettercap: Installation
  – Website download available at:
    ● http://ettercap.sourceforge.net/
  – Linux Installation
    ● Decompress using tar/gzip
    ● ./configure.sh
    ● make
    ● make install

A look at Ettercap
● Ettercap: The GUI
  – Ncurses GUI
    ● Main Window

Using Ettercap
● Getting ready to sniff
  – Select "Sniff"
  – Select "Unified Sniffing"

Using Ettercap
● Sniffing Screen

Using Ettercap
● Performing the Sniff
  – Select "Start"
  – Select "Start Sniffing"
  – Press "ENTER"
  – Stop the sniff by selecting "Stop Sniffing"

Using Ettercap
● Features While Sniffing:
  – Statistics
  – Select "View" then "Statistics"
  – Results updated in real time.

Using Ettercap
● Features While Sniffing:
  – Connection View
  – Select "View" then "Connections"
  – Results updated in real time.

Using Ettercap
● Features While Sniffing:
  – Connection Details
  – Choose a connection in the Live Connections list and press "ENTER"
  – Results updated in real time.

Using Ettercap
● More Features:
  – Host scanning and targeting
  – Plug-in system
  – Logging
  – Inject information

The Sniffing Experiment
● Three Trials
  – HTTP Request / Response
  – Secure HTTP Request / Response
  – FTP Transaction
● Testing Platform
  – Pentium 3 Linux Computer
  – Fedora Core 2

First Trial: HTTP Transaction
● Website: www.kmaxmedia.com
● Ethereal
  – Showed very detailed information about each packet.
  – Setup of Connection
  – Request / Response
  – Closure of Connection
  – Also showed every packet that was used in the transaction.

First Trial: HTTP Transaction
● Ethereal

First Trial: HTTP Transaction
● Ettercap
  – Successful in sniffing the request and response.
  – But Ettercap would only sniff the payload.
  – Doesn't capture packet information.
  – Indications of timed caching of information.
    ● Due to this, it would sometimes erase the information.

First Trial: HTTP Transaction
● Ettercap

Second Trial: HTTPS Transaction
● Web Site: CIBC Kaleem's Bank Account

Second Trial: HTTPS Transaction
● Both sniffers were unable to show the plaintext.
  – 128-bit encryption at work.
  – Ettercap does have a feature to allow it to give a fake certificate for an attack, but the environment was not ideal.
● However, Ethereal recognized the public key used.

Second Trial: HTTPS Transaction
● Ethereal

Second Trial: HTTPS Transaction
● Ettercap

Third Trial: FTP Transaction
● An FTP login was performed on ftp.kmaxmedia.com. This included a username and password.
● Both sniffers were able to successfully get the username and password information, but the presentation of the information was different.
● Information was more readable in Ettercap.
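
Why both sniffers recovered the login: FTP sends USER and PASS as plain text on the control channel unless the client first negotiates TLS. The following is an added example, not part of the original slides, that audits reassembled control-channel lines and reports which sessions exposed a password, without storing the password itself. The flow labels, sample sessions and the function name `audit_session` are constructed for illustration.

```python
import re

# Constructed sample, not from the slides: control-channel lines of two FTP sessions.
SAMPLE_SESSIONS = {
    "10.0.0.5:40112 -> 192.0.2.10:21": [
        "220 FTP server ready",
        "USER demo_user",
        "331 Password required",
        "PASS example-password",
        "230 Login successful",
    ],
    "10.0.0.6:40200 -> 192.0.2.10:21": [
        "220 FTP server ready",
        "AUTH TLS",
        "234 Proceed with negotiation",
    ],
}

COMMAND = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

def audit_session(lines):
    """Report whether USER/PASS crossed the wire before TLS was negotiated."""
    finding = {"user": None, "password_exposed": False,
               "password_length": 0, "tls_negotiated": False}
    auth_pending = False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line[:3].isdigit():                     # server reply code
            if auth_pending and line.startswith("234"):
                finding["tls_negotiated"] = True   # RFC 4217: channel is TLS from here
                break
            auth_pending = False
            continue
        match = COMMAND.match(line)
        if not match:
            continue
        verb, arg = match.group(1).upper(), match.group(2) or ""
        auth_pending = verb == "AUTH"
        if verb == "USER":
            finding["user"] = arg
        elif verb == "PASS":                       # record exposure, never the secret
            finding["password_exposed"] = True
            finding["password_length"] = len(arg)
    return finding

if __name__ == "__main__":
    for flow, lines in SAMPLE_SESSIONS.items():
        f = audit_session(lines)
        state = "CLEARTEXT LOGIN" if f["password_exposed"] else "no cleartext password"
        print(f"{flow}: {state}, user={f['user']}, tls={f['tls_negotiated']}")
```

Sessions flagged as cleartext logins are candidates for migration to FTPS or SFTP and for a credential reset.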

Third Trial: FTP Transaction
● Ethereal

Third Trial: FTP Transaction
● Ettercap

The Battle: Some Observations
● During the Sniffing
  ● Ethereal would only show statistics on the type of packets sniffed, while Ettercap would show statistics, profiles, connections and more in real time.
  ● Ettercap would notify the user, in the user messages section, the minute any personal authentication information was heard on the wire.

The Battle: Some Observations
● Extras
● Ethereal
  ● Thorough information on packets.
  ● Broad support for most protocols.
  ● Filtering features to help organize packets.
  ● Can read capture logs from over 20 programs.
● Ettercap
  ● Real time information delivered while sniffing.
  ● A sniffer with weaponry.
  ● Custom plugin support.

The Verdict
● Ethereal
  ● Best suited for packet analysis.
● Ettercap
  ● Best suited to test security of a network.
    – Supplies the user with a variety of tools.
      ● Plugins
      ● Bridged Sniffing
      ● Attacks
  ● Not just a sniffer.

Ettercap: Pros and Cons
● Pros
  – Very, very powerful tool.
  – Easy to use GUI interface.
  – Real time information while sniffing.
  – Ability to perform attacks easily.
● Cons
  – Can be difficult to compile for Windows.
  – Curses GUI not too stable. Overlaps tables.
  – More documentation could be useful.

The Conclusion
● "With the dust settling in the battle of the sniffers, the new Ettercap proved to be a worthy foe against Ethereal possessing immense manipulating power which can change a network’s environment. However, it still needs time to develop itself into a robust, dependable and a mature tool like Ethereal." – Kaleem Maxwell