The Main Event - PowerPoint PPT Presentation

Slides: 31
Provided by: web2Uw

Transcript and Presenter's Notes

Title: The Main Event


1
The Main Event
  • Battle Of the Sniffers

2
Battle Of the Sniffers
  • The Champion
  • Ethereal Network Analyzer
  • The Challenger
  • Ettercap Network Security Suite

3
A look at Ettercap
  • Ettercap Features
  • Packet Sniffing
  • Unified Sniffing
  • Bridged Sniffing
  • Logging
  • Real Time Data Views
  • Live Connections / Man-in-the-Middle

4
A look at Ettercap
  • Ettercap Requirements
  • Unix Based OS
  • Windows NT/2000/Server 2003
  • Libraries
  • libpcap 0.81 or higher
  • libnet 1.2.1.1 or higher
  • libpthread
  • zlib
  • Optional GTK, Ncurses, OpenSSL

5
A look at Ettercap
  • Ettercap Installation
  • Website Download Available at
  • http://ettercap.sourceforge.net/
  • Linux Installation
  • Decompress using tar/gzip
  • ./configure.sh
  • make
  • make install

6
A look at Ettercap
  • Ettercap The GUI
  • Ncurses GUI
  • Main Window

7
Using Ettercap
  • Getting ready to sniff
  • Select Sniff
  • Select Unified Sniffing

8
Using Ettercap
  • Sniffing Screen

9
Using Ettercap
  • Performing the Sniff
  • Select Start
  • Select Start Sniffing
  • Press ENTER
  • Stop the Sniff by selecting Stop Sniffing

10
Using Ettercap
  • Features While Sniffing
  • Statistics.
  • Select View then Statistics
  • Results updated in real time.

11
Using Ettercap
  • Features While Sniffing
  • Connection View
  • Select View then Connections
  • Results updated in real time.

12
Using Ettercap
  • Features While Sniffing
  • Connection Details
  • Choose a connection in the Live Connections
    list and press ENTER
  • Results updated in real time.

13
Using Ettercap
  • More Features
  • Host Scanning and targeting.
  • Plug-In System.
  • Logging.
  • Inject Information

14
The Sniffing Experiment
  • Three Trials
  • HTTP Request / Response
  • Secure HTTP Request / Response
  • FTP Transaction
  • Testing Platform
  • Pentium 3 Linux Computer
  • Fedora Core 2

15
First Trial HTTP Transaction
  • Website www.kmaxmedia.com
  • Ethereal
  • Showed very detailed information about each
    packet.
  • Setup of Connection
  • Request / Response
  • Closure of Connection
  • Also showed every packet that was used in the
    transaction.

16
First Trial HTTP Transaction
  • Ethereal

17
First Trial HTTP Transaction
  • Ettercap
  • Successful in sniffing the request and response.
  • But Ettercap would only sniff the payload.
  • Doesn't capture packet information.
  • Indications of timed caching of information.
  • Due to this, it would sometimes erase the
    information.

18
First Trial HTTP Transaction
  • Ettercap

19
Second Trial HTTPS Transaction
  • Web Site: CIBC, Kaleem's Bank Account

20
Second Trial HTTPS Transaction
  • Both sniffers were unable to show the plaintext.
  • 128-Bit Encryption at work.
  • Ettercap does have a feature to allow it to give
    a fake certificate for an attack but the
    environment was not ideal.
  • However, Ethereal recognized the public key used.

21
Second Trial HTTPS Transaction
  • Ethereal

22
Second Trial HTTPS Transaction
  • Ettercap

23
Third Trial FTP Transaction
  • An FTP login was performed on ftp.kmaxmedia.com.
    This included a username and password.
  • Both sniffers were able to successfully get the
    username and password information. But the
    presentation of the information was different.
  • Information was more readable in Ettercap.
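
Added example (not part of the original slides): a small Python audit that classifies the client side of a connection the way the three trials played out, reporting HTTP and FTP as readable on the wire, flagging FTP USER/PASS and HTTP Basic credentials with the secret redacted, and treating a TLS record as opaque. The payloads, the host name and the function names are constructed for illustration.

```python
import re

# Constructed client-to-server payloads, one per trial (not captured traffic).
SAMPLES = {
    "http": b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    # TLS handshake record header followed by constructed filler bytes.
    "https": bytes.fromhex("1603010026" "01000022" "0303") + bytes(32),
    "ftp": b"USER demo\r\nPASS not-a-real-password\r\nSYST\r\n",
}

HTTP_REQ = re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r?\n")
HTTP_AUTH = re.compile(rb"^Authorization:[ \t]*Basic[ \t]+\S+", re.I | re.M)
FTP_CMD = re.compile(rb"^(USER|PASS)[ \t]+([^\r\n]*)\r?$", re.I | re.M)
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data


def looks_like_tls(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS record header."""
    return (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4)


def audit_stream(payload: bytes) -> dict:
    """Classify one client stream; report credential exposure, secrets redacted."""
    if looks_like_tls(payload):
        return {"protocol": "tls", "readable": False, "findings": []}
    findings = []
    if HTTP_REQ.match(payload):
        if HTTP_AUTH.search(payload):
            findings.append("HTTP Basic credentials sent in cleartext: <redacted>")
        return {"protocol": "http", "readable": True, "findings": findings}
    ftp = FTP_CMD.findall(payload)
    if ftp:
        for cmd, arg in ftp:
            cmd = cmd.decode().upper()
            value = arg.decode("latin-1") if cmd == "USER" else "<redacted>"
            findings.append(f"FTP {cmd} sent in cleartext: {value}")
        return {"protocol": "ftp", "readable": True, "findings": findings}
    return {"protocol": "unknown", "readable": None, "findings": []}


def audit_all(samples: dict) -> dict:
    """Run the audit over a mapping of name -> client payload."""
    return {name: audit_stream(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in audit_all(SAMPLES).items():
        print(name, result)
```

Any FTP finding from such an audit is a candidate for migration to SFTP or FTPS, which would put the login in the same unreadable category as the HTTPS trial.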

24
Third Trial FTP Transaction
  • Ethereal

25
Third Trial FTP Transaction
  • Ettercap

26
The Battle Some Observations
  • During the Sniffing
  • Ethereal would only show statistics on the type
    of packets sniffed while Ettercap would show
    statistics, profiles, connections and more in
    real time.
  • Ettercap would notify the user, in the user
    messages section, the minute any personal
    authentication information is heard on the wire.

27
The Battle Some Observations
  • Extras
  • Ethereal
  • Thorough information of packets.
  • Broad support for most protocols.
  • Filtering features to help organize packets.
  • Can read capture logs from over 20 programs.
  • Ettercap
  • Real time information delivered while sniffing.
  • A sniffer with weaponry.
  • Custom plugin support.

28
The Verdict
  • Ethereal
  • Best suited for packet analysis.
  • Ettercap
  • Best suited to test security of a network.
  • Supplies the user with a variety of tools.
  • Plugins
  • Bridged Sniffing
  • Attacks
  • Not just a sniffer.

29
Ettercap Pros and Cons
  • Pros
  • Very, very powerful tool.
  • Easy to use GUI interface.
  • Real Time Information while sniffing.
  • Ability to perform attacks easily.
  • Cons
  • Can be difficult to compile for Windows.
  • Curses GUI not too stable. Overlaps tables.
  • More documentation could be useful.

30
The Conclusion
  • With the dust settling in the battle of the
    sniffers, the new Ettercap proved to be a worthy
    foe against Ethereal, possessing immense
    manipulating power which can change a network's
    environment. However, it still needs time to
    develop itself into a robust, dependable and
    mature tool like Ethereal.
  • Kaleem Maxwell