1 / 30

The Main Event

The Main Event. Battle Of the Sniffers. Battle Of the Sniffers. The Champion Ethereal: Network Analyzer The Challenger Ettercap: Network Security Suite. A look at Ettercap. Ettercap: Features Packet Sniffing Unified Sniffing Bridged Sniffing Logging Real Time Data Views

xandy
Download Presentation

The Main Event

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Main Event Battle Of the Sniffers

  2. Battle Of the Sniffers • The Champion • Ethereal: Network Analyzer • The Challenger • Ettercap: Network Security Suite

  3. A look at Ettercap • Ettercap: Features • Packet Sniffing • Unified Sniffing • Bridged Sniffing • Logging • Real Time Data Views • Live Connections / Man-in-the-Middle

  4. A look at Ettercap • Ettercap: Requirements • Unix Based OS • Windows NT/2000/Server 2003 • Libraries • libpcap 0.81 or higher • libnet 1.2.1.1 or higher • libpthread • zlib • Optional: GTK+, Ncurses, OpenSSL

  5. A look at Ettercap • Ettercap: Installation • Website Download Available at: • http://ettercap.sourceforge.net/ • Linux Installation • Decompress using tar/gzip • ./configure.sh • make • make install

  6. A look at Ettercap • Ettercap: The GUI • Ncurses GUI • Main Window

  7. Using Ettercap • Getting ready to sniff • Select ”Sniff” • Select ”Unified Sniffing”

  8. Using Ettercap • Sniffing Screen

  9. Using Ettercap • Performing the Sniff • Select ”Start” • Select ”Start Sniffing” • Press ”ENTER” • Stop the Sniff by selecting ”StopSniffing”

  10. Using Ettercap • Features While Sniffing: • Statistics. • Select ”View” then ”Statistics” • Results updatedin real time.

  11. Using Ettercap • Features While Sniffing: • Connection View • Select ”View” then ”Connections” • Results updatedin real time.

  12. Using Ettercap • Features While Sniffing: • Connection Details • Choose a connection in the Live Connections list and press ”ENTER” • Results updatedin real time.

  13. Using Ettercap • More Features: • Host Scanning and targeting. • Plug-In System. • Logging. • Inject Information

  14. The Sniffing Experiment • Three Trials • HTTP Request / Response • Secure HTTP Request / Response • FTP Transaction • Testing Platform • Pentium 3 Linux Computer • Fedora Core 2

  15. First Trial: HTTP Transaction • Website: www.kmaxmedia.com • Ethereal • Showed very detailed information about each packet. • Setup of Connection • Request / Response • Closure of Connection • Also showed every packet that was used in the transaction.

  16. First Trial: HTTP Transaction • Ethereal

  17. First Trial: HTTP Transaction • Ettercap • Successful in sniffing the request and response. • But Ettercap would only sniff the payload. • Doesn't capture packet information. • Indications of timed caching of information. • Due to this, sometimes would erase the information.

  18. First Trial: HTTP Transaction • Ettercap

  19. Second Trial: HTTPS Transaction • Web Site: CIBCKaleem's Bank Account

  20. Second Trial: HTTPS Transaction • Both sniffers were unable to show the plaintext. • 128-Bit Encryption at work. • Ettercap does have a feature to allow it to give a fake certificate for an attack but the environment was not ideal. • However, Ethereal recognized the public key used.

  21. Second Trial: HTTPS Transaction • Ethereal

  22. Second Trial: HTTPS Transaction • Ettercap

  23. Third Trial: FTP Transaction • An FTP login was performed on ftp.kmaxmedia.com. This included a username and password. • Both sniffers were able to successful get the username and password information. But the presentation of the information was different. • Information was more readable in Ettercap.

  24. Third Trial: FTP Transaction • Ethereal

  25. Third Trial: FTP Transaction • Ethercap

  26. The Battle: Some Observations • During the Sniffing • Ethereal would only show statistics on the type of packets sniffed while Ettercap would show statistics, profiles, connections and more in real time. • Any personal authentication information that is heard on the wire, ettercap would notify the user the minute it appears in the user messages section

  27. The Battle: Some Observations • Extras • Ethereal • Thouough information of packets. • Broad support for most protocols. • Filtering features to help organize packets. • Can read capture logs from over 20 prograns. • Ettercap • Real time information delivered while sniffing. • A sniffer with weaponry. • Custom plugin support.

  28. The Verdict • Ethereal • Best suited for packet analyzation. • Ettercap • Best suited to test security of a network. • Supplies the user with a variety of tools. • Plugins • Bridged Sniffing • Attacks • Not just a sniffer.

  29. Ettercap: Pros and Cons • Pros • Very, very powerful tool. • Easy to use GUI interface. • Real Time Information while sniffing. • Ability to perform attacks easily. • Cons • Can be difficult to compile for Windows. • Curses GUI not too stable. Overlaps tables. • More documentation could be useful.

  30. The Conclusion • ”With the dust settling in the battle of the sniffers, the new Ettercap proved to be a worthy foe against Ethereal possessing immense manipulating power which can change a network’s environment. However, it still needs time to develop itself into a robust, dependable and a mature tool like Ethereal. ” • Kaleem Maxwell

More Related