Hello,
So recently, I decided to experiment with dsniff and driftnet after Darren's episode covering them. I am using the following system to experiment:
- VirtualBox 4.0.10
- VM of Ubuntu 11.04
- Bridged network connection between VM and physical hardware
- VirtualBox installed on a physical Windows 7 64-bit machine.
I begin by enabling packet forwarding, then my two arpspoof commands in separate tabs.
With this done, I can run urlsnarf, mailsnarf, msgsnarf, and driftnet without issue. The traffic from the "attacked" machine is correctly displayed in all scenarios. I run into an issue when I try to issue a "dsniff -i eth0" command. I get the following:
Leptop01 is the machine I am sniffing.
Unlike in the episode, it will never show the URL/un/pw that is flowing over the connection. I used Darren's example and tried logging into one of my FTP sites (so I know it is clear text) and I don't see the data listed. Without doing anything, it will just keep populating those same
over and over again until I stop it. I have tried to research this extensively by watching videos and reading everything I can find on the topic and have not been able to solve it. The only suspicion I have is I found someone with a similar problem and it was caused by VMware he was running, or so he says. When he switched to running Ubuntu on a physical machine as the base OS, the problems went away, but correlation does not equal causation! Any pointers of areas I can research or try to solve this?
Thanks so much in advance!