Hello I found this site 2 days back and loved it and have been reading and learning ever since.. I tried to learn sniffing first.. for that I chose 2 applications. ... ettercap and cain and abel.. I tried ettercap first in my ubuntu installation but it seemed to work only in the terminal and even then it gave me just garbage.. none of the responses made sense.. also the gtk version of ettercap would just hang up on saying, "starting sniffing" or somthing around the lines.. But my post here is about cain and abel.. I read the built in help and did according to their text.. here is what I did.. I went to the sniffer section and scanned for mac addresses, from config i chose, dont use promiscuous mode, then clicked on start sniffer and then start APR.. after that nothing seems to happen.. forget password sniffing I cant even sniff the sites I browse from my other test computer. at the bottom it just says "Lost packets: 0%" P.S. I am connected to my router via wlan whereas my target test computer is connected via LAN cable help plz
k never mind... i got it to work.. the problem was that I did not slect the hosts on the right side of new APR poison routing menu.. now that it is doing something.. it was able to catch my password.. the one my msn messenger used.. but it still did not show me any browser activity.. am I doing something wrong?
why cant i edit the post i just made? anyways.. i also dont understand the cracker function.. in the password section of sniffer.. i can choose "send all to cracker" but after that i dont know what to do with em :/
To perform a middle man attack in order to sniff passwords both computers have to be on LAN, not WLAN.
It can sniff and crack WEP and WPA protected networks but in order to do that you will need a USB 802.11 WLAN dongle that is AirPcap Driver compatible. For doing middle man attacks its awesome, the same applies for cracking windows passwords remotely, all you need is to capture the hash and then you right click it and select "Send to cracker". I learnt all the tricks of cain and abel by reading their help file that really helps alot.
thx.. i did read the help though.. i wanted to monitor network activity.. im more interested in that and not that much in passwords.. so in order to see what pages the other network computers are viewing.. I will have to get AirPcap driver compatible dongle as well? or can I do it with my built in intel wifi card?
No, the wireless feature in Cain and Abel can not do APR Poisoning, and in order to monitor network activity in such a way that you can see who is doing what, you need to perform APR poisoning, then you select the computer and the router, thus enabling you to sniff all traffic between the two nodes on the network, anything that goes from the target computer to the router WILL first pass trough your computer, then your computer will send the data to the router, and vise versa for data from the router to the target computer... The wireless cracker and sniffer on Cain and Abel only enables you to sniff packets on a WEP or WPA encrypted WLAN network using a AirPcap USB wireless dongle, once you have enough packets you can perform a brute force attack on the ecryption, but with WPA you will first have to inject a Deauth attack on the network to deauthenticae all the users and then they automatically reauthenticate thus giving you the password hash, now with WPA you can only perform dictionary attacks and not brute force. To sniff network activity you must be on a LAN. The best program to sniff LAN activity is Cain and Abel, the best program for Wireless is Aircrack-ng and its compatible with most WLAN cards, I suggest if you buy a card, make sure its chipset is atheros because atheros chipset is compatible with Aireplay, Aireplay is the app you use to inject packets on the WLAN. I hope this cleared things up a bit?