Sniffing

Welcome to the Sniffing module. This note will guide you through all the methodologies I used while preparing for the CEH (Practical) exam.

Last updated 2 years ago

Introduction

Packet sniffing is the practice of gathering, collecting, and logging some or all packets that pass through a computer network, regardless of how each packet is addressed. In this way, every packet, or a defined subset of packets, can be captured for further analysis. As a network administrator, you can use the collected data for a wide variety of purposes, such as monitoring bandwidth and traffic.

A packet sniffer, sometimes called a packet analyzer, is composed of two main parts: first, a network adapter that connects the sniffer to the existing network; second, software that provides a way to log, view, or analyze the data collected by that device.

WireShark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named "Ethereal," the project was renamed "Wireshark" in May 2006 due to trademark issues.

I can't stress enough how much you need to learn Wireshark; it is very important from an exam point of view, so please learn it. You can Google stuff online, and there are tons of video tutorials for Wireshark.

NetworkMiner

Best for incident response teams and for law enforcement.

NetworkMiner is a Network Forensic Analysis Tool by Netresec. It supports Windows, Mac, Linux, and FreeBSD. It has functionality for passive network sniffing and packet capturing, and it can detect operating systems, sessions, hostnames, open ports, etc. It can also parse PCAP files for offline analysis, regenerating the files and certificates that were transmitted.

Features:

  • Either by parsing a PCAP file or by sniffing traffic directly from the network, NetworkMiner can extract files, emails, and certificates transferred over the network.

  • NetworkMiner doesn’t put any traffic on the network while capturing packets or doing passive network sniffing.

  • With the Professional edition, you will get the features of DNS Whitelisting, Web browser tracing, online ad & tracker detection, etc.

Verdict: NetworkMiner is popular among organizations around the world. It has an intuitive user interface that presents the extracted artifacts and makes it easier to perform advanced Network Traffic Analysis. Presenting the data in an intuitive UI helps the analyst or forensic investigator with the analysis.

How to use:

  • Applied-Network-Forensics - Lab 00 - Network Miner Overview

Download:

  • NetworkMiner - The NSM and Network Forensics Analysis Tool (Netresec home page)

Ettercap

ettercap-common

  • Ettercap supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis.

  • Data injection in an established connection and filtering (substitute or drop a packet) on the fly is also possible, keeping the connection synchronized.

  • Many sniffing modes are implemented, for a powerful and complete sniffing suite. It is possible to sniff in four modes: IP Based, MAC Based, ARP Based (full-duplex) and PublicARP Based (half-duplex).

  • Ettercap also has the ability to detect a switched LAN, and to use OS fingerprints (active or passive) to find the geometry of the LAN.

  • This package contains the common support files, configuration files, plugins, and documentation. You must also install either ettercap-graphical or ettercap-text-only for the actual GUI-enabled or text-only ettercap executable, respectively.
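Ettercap's ARP-based sniffing mode listed above and NetworkMiner's offline PCAP parsing both come down to reading link-layer frames out of a capture. As an added example (not code from this page, Ettercap, or NetworkMiner), here is a dependency-free Python pcap reader that parses ARP replies and flags any IP address claimed by more than one MAC, which is the inconsistency a defender looks for when ARP-based interception is suspected. It assumes a little-endian pcap with the Ethernet link type; the capture, the addresses and the MACs are all constructed in memory.

```python
import struct

def pcap_frames(data: bytes):
    """Yield raw Ethernet frames from an in-memory little-endian pcap (24-byte global header)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian, microsecond-timestamp pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]   # record header: ts_sec, ts_usec, incl_len, orig_len
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def parse_arp_reply(frame: bytes):
    """Return (sender_ip, sender_mac) for an ARP reply, else None. ARP header starts at offset 14."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":       # EtherType 0x0806 = ARP
        return None
    if struct.unpack_from("!H", frame, 20)[0] != 2:          # opcode 2 = reply
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return sender_ip, sender_mac

def find_arp_conflicts(data: bytes) -> dict:
    """IP -> sorted MACs, for every IP that more than one MAC has claimed in ARP replies."""
    claims = {}
    for frame in pcap_frames(data):
        rec = parse_arp_reply(frame)
        if rec:
            claims.setdefault(rec[0], set()).add(rec[1])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

def arp_reply(sender_mac: bytes, sender_ip: bytes, target_mac: bytes, target_ip: bytes) -> bytes:
    """Build one Ethernet+ARP reply frame (htype 1, ptype 0x0800, hlen 6, plen 4, opcode 2)."""
    eth = target_mac + sender_mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + sender_mac + sender_ip + target_mac + target_ip
    return eth + arp + b"\x00" * 18                            # pad to the 60-byte Ethernet minimum

def sample_pcap() -> bytes:
    """Constructed capture, not real traffic: gateway 10.0.0.1 answers from its own MAC, then a second MAC claims it."""
    gw_ip, host_ip = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 7])
    gw_mac, host_mac, rogue_mac = (bytes.fromhex(h) for h in ("020000000001", "020000000007", "0200000000ee"))
    frames = [arp_reply(gw_mac, gw_ip, host_mac, host_ip), arp_reply(rogue_mac, gw_ip, host_mac, host_ip),
              arp_reply(host_mac, host_ip, gw_mac, gw_ip)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out
```

Running `find_arp_conflicts(sample_pcap())` reports 10.0.0.1 with both MACs, while 10.0.0.7, which only one MAC ever claimed, is not reported; the same reader works unchanged on a pcap saved from Wireshark or NetworkMiner if you read the file into `bytes`.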

ettercap-graphical

  • This package contains the ettercap GUI-enabled executable.

How to use

  • Ettercap Cheat Sheet (Comparitech)

  • Use Ettercap to Intercept Passwords with ARP Spoofing (WonderHowTo)

  • How to use Ettercap - KaliTut (KaliTut)

Ettercap Screenshot