The Main Event
Battle Of the Sniffers
Battle Of the Sniffers
● The Champion
– Ethereal: Network Analyzer
● The Challenger
– Ettercap: Network Security Suite
A look at Ettercap
● Ettercap: Features
– Packet Sniffing
● Unified Sniffing
● Bridged Sniffing
– Logging
– Real Time Data Views
● Live Connections / Man-in-the-Middle
A look at Ettercap
● Ettercap: Requirements
– Unix-based OS
– Windows NT/2000/Server 2003
– Libraries
● libpcap 0.8.1 or higher
● libnet 1.1.2.1 or higher
● libpthread
● zlib
● Optional: GTK+, Ncurses, OpenSSL
A look at Ettercap
● Ettercap: Installation
– Website Download Available at:
● http://ettercap.sourceforge.net/
– Linux Installation
● Decompress using tar/gzip
● ./configure
● make
● make install
A look at Ettercap
● Ettercap: The GUI
– Ncurses GUI
● Main Window
Using Ettercap
● Getting ready to sniff
– Select “Sniff”
– Select “Unified Sniffing”
Using Ettercap
● Sniffing Screen
Using Ettercap
● Performing the Sniff
– Select “Start”
– Select “Start Sniffing”
– Press “ENTER”
– Stop the sniff by selecting “Stop Sniffing”
Using Ettercap
● Features While Sniffing:
– Statistics
– Select “View” then “Statistics”
– Results are updated in real time.
Using Ettercap
● Features While Sniffing:
– Connection View
– Select “View” then “Connections”
– Results are updated in real time.
Using Ettercap
● Features While Sniffing:
– Connection Details
– Choose a connection in the Live Connections list and press “ENTER”
– Results are updated in real time.
Using Ettercap
● More Features:
– Host scanning and targeting.
– Plug-in system.
– Logging.
– Inject information into a live connection.
The Sniffing Experiment
● Three Trials
– HTTP Request / Response
– Secure HTTP (HTTPS) Request / Response
– FTP Transaction
● Testing Platform
– Pentium 3 Linux Computer
– Fedora Core 2
First Trial: HTTP Transaction
● Website: www.kmaxmedia.com
● Ethereal
– Showed very detailed information about each packet:
– Setup of Connection
– Request / Response
– Closure of Connection
– Also showed every packet that was used in the transaction.
First Trial: HTTP Transaction
● Ethereal
First Trial: HTTP Transaction
● Ettercap
– Successful in sniffing the request and response.
– But Ettercap shows only the payload; it does not display the packet headers (connection setup, flags, closure) that Ethereal does.
– Indications of timed caching of information: captured data appeared to be kept only for a limited time, so it was sometimes erased before it could be read.
First Trial: HTTP Transaction
● Ettercap
Second Trial: HTTPS Transaction
● Web Site: CIBC (Kaleem's bank account)
Second Trial: HTTPS Transaction
● Both sniffers were unable to show the plaintext.
– 128-bit encryption at work.
– Ettercap does have a feature that lets it present a fake certificate for a man-in-the-middle attack, but the environment was not ideal. A browser that verifies the certificate chain will warn on such a certificate, so the attack also depends on the user accepting it.
● However, Ethereal recognized the public key used: the server certificate is exchanged in the clear during the handshake, so the handshake can be dissected even though the application data cannot.
Second Trial: HTTPS Transaction
● Ethereal
Second Trial: HTTPS Transaction
● Ettercap
Third Trial: FTP Transaction
● An FTP login was performed on ftp.kmaxmedia.com. This included a username and password.
● Both sniffers were able to successfully get the username and password information, but the presentation of the information was different.
● Information was more readable in Ettercap.
Third Trial: FTP Transaction
● Ethereal
Third Trial: FTP Transaction
● Ettercap
The Battle: Some Observations
● During the Sniffing
– Ethereal would only show statistics on the type of packets sniffed, while Ettercap would show statistics, profiles, connections and more in real time.
– Any personal authentication information that is heard on the wire, Ettercap would notify the user the minute it appears, in the user messages section.
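The following is an added example, not code from these slides or from Ettercap or Ethereal. It reduces to a few dozen lines the behaviour compared in the three trials and in the observations above: a live connection table with per-protocol counts (the “Statistics” and “Connections” views), a notice the moment an FTP password or an HTTP Basic credential crosses the wire (what Ettercap's user messages do), and, for the HTTPS session, only the handshake record types, since the application data is opaque to any sniffer that is not in the middle. The packets, addresses, host name and credentials are constructed for the example (the HTTP request carries a Basic-auth header that the original trial did not); a real tool would read its packets from libpcap rather than from a list.

```python
import base64
import re
from collections import defaultdict

# Constructed sample traffic, not a real capture: the three trials as
# (src_ip, src_port, dst_ip, dst_port, tcp_payload) tuples. Addresses are
# RFC 5737 documentation ranges; credentials and host name are made up.
CLIENT = "10.0.0.5"
SAMPLE_PACKETS = [
    # First trial: HTTP request (with a Basic-auth header) and response
    (CLIENT, 40001, "203.0.113.10", 80,
     b"GET / HTTP/1.1\r\nHost: www.example.test\r\nAuthorization: Basic "
     + base64.b64encode(b"kaleem:hunter2") + b"\r\n\r\n"),
    ("203.0.113.10", 80, CLIENT, 40001,
     b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Second trial: TLS handshake records (bodies truncated), then encrypted data
    (CLIENT, 40002, "203.0.113.20", 443, b"\x16\x03\x01\x00\x06\x01\x00\x00\x02\x03\x01"),
    ("203.0.113.20", 443, CLIENT, 40002, b"\x16\x03\x01\x00\x06\x02\x00\x00\x02\x03\x01"),
    ("203.0.113.20", 443, CLIENT, 40002, b"\x16\x03\x01\x00\x06\x0b\x00\x00\x02\x00\x00"),
    (CLIENT, 40002, "203.0.113.20", 443, b"\x17\x03\x01\x00\x08" + bytes(range(8))),
    # Third trial: FTP login in the clear
    (CLIENT, 40003, "203.0.113.30", 21, b"USER kaleem\r\n"),
    ("203.0.113.30", 21, CLIENT, 40003, b"331 Please specify the password.\r\n"),
    (CLIENT, 40003, "203.0.113.30", 21, b"PASS s3cret\r\n"),
    ("203.0.113.30", 21, CLIENT, 40003, b"230 Login successful.\r\n"),
]

TLS_HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 16: "ClientKeyExchange"}
FTP_CMD = re.compile(rb"^(USER|PASS) ([^\r\n]+)\r\n")
BASIC_AUTH = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$", re.M)


class Sniffer:
    def __init__(self):
        self.connections = {}   # live connection table, keyed (client, cport, server, sport)
        self.messages = []      # human-readable notices, in the spirit of Ettercap's user messages
        self.credentials = []   # (protocol, server endpoint, user, password), in order seen
        self._ftp_user = {}     # USER seen on an FTP connection, waiting for its PASS

    @staticmethod
    def _key(src, sport, dst, dport):
        # Treat the lower port as the service side so both directions share one key.
        return (dst, dport, src, sport) if sport < dport else (src, sport, dst, dport)

    @staticmethod
    def _guess_proto(port):
        return {21: "ftp", 80: "http", 443: "tls"}.get(port, "other")

    def feed(self, src, sport, dst, dport, payload):
        key = self._key(src, sport, dst, dport)
        client, cport, server, svport = key
        to_server = (src, sport) == (client, cport)
        conn = self.connections.setdefault(
            key, {"proto": self._guess_proto(svport), "packets": 0, "bytes": 0, "encrypted_records": 0})
        conn["packets"] += 1
        conn["bytes"] += len(payload)
        if conn["proto"] == "ftp" and to_server:
            self._ftp(key, server, svport, payload)
        elif conn["proto"] == "http" and to_server:
            self._http(server, svport, payload)
        elif conn["proto"] == "tls":
            self._tls(key, payload)

    def _ftp(self, key, server, port, payload):
        m = FTP_CMD.match(payload)
        if not m:
            return
        arg = m.group(2).decode("ascii", "replace")
        if m.group(1) == b"USER":
            self._ftp_user[key] = arg
        elif key in self._ftp_user:   # PASS completes the pair: report immediately
            user = self._ftp_user.pop(key)
            self.credentials.append(("ftp", f"{server}:{port}", user, arg))
            self.messages.append(f"FTP : {server}:{port} -> USER: {user}  PASS: {arg}")

    def _http(self, server, port, payload):
        m = BASIC_AUTH.search(payload)
        if not m:
            return
        try:
            user, _, pw = base64.b64decode(m.group(1)).decode().partition(":")
        except ValueError:            # bad base64 or non-UTF-8: not a usable credential
            return
        self.credentials.append(("http-basic", f"{server}:{port}", user, pw))
        self.messages.append(f"HTTP : {server}:{port} -> USER: {user}  PASS: {pw}")

    def _tls(self, key, payload):
        # Only the 5-byte record header and, for handshake records, the handshake type
        # are readable without the session keys; 0x16 = handshake, 0x17 = application data.
        if len(payload) < 6:
            return
        if payload[0] == 0x16:
            name = TLS_HANDSHAKE.get(payload[5], f"handshake type {payload[5]}")
            self.messages.append(f"TLS : {key[2]}:{key[3]} {name} (plaintext headers only)")
        elif payload[0] == 0x17:
            self.connections[key]["encrypted_records"] += 1

    def stats(self):
        # Per-protocol packet counts, the real-time statistics view of the slides.
        out = defaultdict(int)
        for conn in self.connections.values():
            out[conn["proto"]] += conn["packets"]
        return dict(out)


def run_sample():
    s = Sniffer()
    for pkt in SAMPLE_PACKETS:
        s.feed(*pkt)
    return s


if __name__ == "__main__":
    s = run_sample()
    print(s.stats())
    for line in s.messages:
        print(line)
```

After `run_sample()`, `s.credentials` holds the FTP and Basic-auth pairs in the order they appeared, and the entry for the TLS connection counts one opaque application-data record, which is all either sniffer could show for the bank session without the forged-certificate attack.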
The Battle: Some Observations
● Extras
– Ethereal
● Thorough information on packets.
● Broad support for most protocols.
● Filtering features to help organize packets.
● Can read capture logs from over 20 programs.
– Ettercap
● Real-time information delivered while sniffing.
● A sniffer with weaponry.
● Custom plugin support.
The Verdict
● Ethereal
– Best suited for packet analysis.
● Ettercap
– Best suited to test the security of a network.
– Supplies the user with a variety of tools:
● Plugins
● Bridged sniffing
● Attacks
– Not just a sniffer.
Ettercap: Pros and Cons
● Pros
– Very, very powerful tool.
– Easy-to-use GUI interface.
– Real-time information while sniffing.
– Ability to perform attacks easily.
● Cons
– Can be difficult to compile for Windows.
– Curses GUI not too stable; overlaps tables.
– More documentation could be useful.
The Conclusion
● “With the dust settling in the battle of the sniffers, the new Ettercap proved to be a worthy foe against Ethereal, possessing immense manipulating power which can change a network’s environment. However, it still needs time to develop itself into a robust, dependable and mature tool like Ethereal.”
– Kaleem Maxwell