The Main Event: Battle Of the Sniffers

Battle Of the Sniffers
• The Champion
  • Ethereal: Network Analyzer
• The Challenger
  • Ettercap: Network Security Suite

A look at Ettercap
• Ettercap: Features
  • Packet Sniffing
  • Unified Sniffing
  • Bridged Sniffing
  • Logging
  • Real Time Data Views
  • Live Connections / Man-in-the-Middle

A look at Ettercap
• Ettercap: Requirements
  • Unix Based OS
  • Windows NT/2000/Server 2003
  • Libraries
    • libpcap 0.81 or higher
    • libnet 1.2.1.1 or higher
    • libpthread
    • zlib
    • Optional: GTK+, Ncurses, OpenSSL

A look at Ettercap
• Ettercap: Installation
  • Website download available at: http://ettercap.sourceforge.net/
  • Linux Installation
    • Decompress using tar/gzip
    • ./configure.sh
    • make
    • make install

A look at Ettercap
• Ettercap: The GUI
  • Ncurses GUI
  • Main Window
Using Ettercap
• Getting ready to sniff
  • Select "Sniff"
  • Select "Unified Sniffing"

Using Ettercap
• Sniffing Screen

Using Ettercap
• Performing the Sniff
  • Select "Start"
  • Select "Start Sniffing"
  • Press "ENTER"
  • Stop the sniff by selecting "Stop Sniffing"

Using Ettercap
• Features While Sniffing: Statistics
  • Select "View" then "Statistics"
  • Results updated in real time.

Using Ettercap
• Features While Sniffing: Connection View
  • Select "View" then "Connections"
  • Results updated in real time.

Using Ettercap
• Features While Sniffing: Connection Details
  • Choose a connection in the Live Connections list and press "ENTER"
  • Results updated in real time.

Using Ettercap
• More Features:
  • Host scanning and targeting.
  • Plug-in system.
  • Logging.
  • Inject information.
The Sniffing Experiment
• Three Trials
  • HTTP Request / Response
  • Secure HTTP (HTTPS) Request / Response
  • FTP Transaction
• Testing Platform
  • Pentium 3 Linux computer
  • Fedora Core 2

First Trial: HTTP Transaction
• Website: www.kmaxmedia.com
• Ethereal
  • Showed very detailed information about each packet:
    • Setup of connection
    • Request / Response
    • Closure of connection
  • Also showed every packet that was used in the transaction.

First Trial: HTTP Transaction • Ethereal

First Trial: HTTP Transaction
• Ettercap
  • Successful in sniffing the request and response.
  • But Ettercap would only sniff the payload; it does not capture packet (header) information.
  • Indications of timed caching of information: due to this, it would sometimes erase the captured information.

First Trial: HTTP Transaction • Ettercap
Second Trial: HTTPS Transaction
• Web Site: CIBC (Kaleem's bank account)

Second Trial: HTTPS Transaction
• Both sniffers were unable to show the plaintext.
  • 128-bit encryption at work.
• Ettercap does have a feature that lets it present a fake certificate for an attack, but the environment was not ideal.
• However, Ethereal recognized the public key used.

Second Trial: HTTPS Transaction • Ethereal

Second Trial: HTTPS Transaction • Ettercap

Third Trial: FTP Transaction
• An FTP login was performed on ftp.kmaxmedia.com. This included a username and password.
• Both sniffers were able to successfully get the username and password information, but the presentation of the information was different.
• Information was more readable in Ettercap.

Third Trial: FTP Transaction • Ethereal

Third Trial: FTP Transaction • Ettercap
The Battle: Some Observations
• During the Sniffing
  • Ethereal would only show statistics on the type of packets sniffed, while Ettercap would show statistics, profiles, connections and more in real time.
  • Any personal authentication information that is heard on the wire, Ettercap would notify the user the minute it appears in the user messages section.

The Battle: Some Observations
• Extras
  • Ethereal
    • Thorough information on packets.
    • Broad support for most protocols.
    • Filtering features to help organize packets.
    • Can read capture logs from over 20 programs.
  • Ettercap
    • Real-time information delivered while sniffing.
    • A sniffer with weaponry.
    • Custom plugin support.

The Verdict
• Ethereal
  • Best suited for packet analysis.
• Ettercap
  • Best suited to test the security of a network.
  • Supplies the user with a variety of tools:
    • Plugins
    • Bridged Sniffing
    • Attacks
  • Not just a sniffer.

Ettercap: Pros and Cons
• Pros
  • Very, very powerful tool.
  • Easy-to-use GUI interface.
  • Real-time information while sniffing.
  • Ability to perform attacks easily.
• Cons
  • Can be difficult to compile for Windows.
  • Curses GUI not too stable; overlaps tables.
  • More documentation could be useful.

The Conclusion
• "With the dust settling in the battle of the sniffers, the new Ettercap proved to be a worthy foe against Ethereal, possessing immense manipulating power which can change a network's environment. However, it still needs time to develop itself into a robust, dependable and a mature tool like Ethereal."
• Kaleem Maxwell
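As an added illustration (not part of the presentation or of either tool's code), the following Python audits constructed sample segments modelled on the three trials: it reads HTTP request and status lines as Ethereal showed them, recognises TLS records as unreadable as in the HTTPS trial, and raises the kind of cleartext-credential alert Ettercap's user messages gave in the FTP trial, with the password redacted. The hostnames and credentials are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample TCP payloads (direction, bytes), in capture order.
# Hostnames, username and password are invented for this example.
SAMPLE_SEGMENTS = [
    ("client", b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    ("server", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    ("client", b"\x16\x03\x01\x00\x5a\x01\x00\x00\x56\x03\x01"),  # TLS ClientHello prefix
    ("server", b"220 ftp.example.test FTP server ready\r\n"),
    ("client", b"USER alice\r\n"),
    ("server", b"331 Password required\r\n"),
    ("client", b"PASS hunter2\r\n"),
    ("server", b"230 Login successful\r\n"),
]

HTTP_REQUEST = re.compile(r"^(GET|POST|HEAD) \S+ HTTP/1\.[01]$")
FTP_AUTH = re.compile(r"^(USER|PASS) (\S+)$")
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}  # CCS, alert, handshake, app data


@dataclass
class Finding:
    kind: str    # http-request | http-response | tls | ftp-user | ftp-password
    detail: str  # human-readable, never contains a captured password


def is_tls_record(payload: bytes) -> bool:
    """TLS record header: content type, then version 0x03 0x0N, then length."""
    return (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 0x03 and payload[2] <= 0x04)


def audit_capture(segments):
    """Walk segments in order and report what a passive sniffer could read."""
    findings, pending_user = [], None
    for direction, payload in segments:
        if is_tls_record(payload):
            findings.append(Finding("tls", "encrypted record; only TLS headers readable"))
            continue
        first = payload.decode("ascii", errors="replace").split("\r\n", 1)[0]
        if HTTP_REQUEST.match(first):
            findings.append(Finding("http-request", first))
        elif first.startswith("HTTP/1."):
            findings.append(Finding("http-response", first))
        elif direction == "client" and (m := FTP_AUTH.match(first)):
            if m.group(1) == "USER":
                pending_user = m.group(2)
                findings.append(Finding("ftp-user", f"cleartext username {pending_user!r}"))
            else:  # PASS: report exposure without echoing the secret
                findings.append(Finding("ftp-password", f"cleartext password for "
                                        f"{pending_user!r} ({len(m.group(2))} chars, redacted)"))
                pending_user = None
    return findings
```

Running `audit_capture(SAMPLE_SEGMENTS)` yields five findings in capture order; the FTP password finding reports only its length.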