Jump to content

pjsjr627

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by pjsjr627

    Dsniff- All But One Command Is Working Correctly

    in Security

    Posted

    Don't know if this will make a difference, but have you tried using the latest version of Vmware.

    Edit: Also make sure you set your VM interface to bridged mode as well.

    Thanks, I am using the latest version of virtual box. Should I try VMware instead? I have an ubuntu install on my ESX box I can try it on.

    Dsniff- All But One Command Is Working Correctly

    in Security

    Posted

    Hello,

    So recently, i decided to experiment with dsniff and driftnet after Darren's episode covering them. I am using the following system to experiment:

    -Virtual Box 4.0.10

    -VM of Ubuntu 11.04

    -bridged network connection between VM and physical hardware

    -Virtual Box installed on a physical Windows 7 64bit machine.

    I begin by enabling packet forwarding, then my two arpspoof commands in separate tabs.

    With this done, I can run urlsnarf, mailsnarf, msgsnarf, and driftnet without issue. The traffic from the "attacked" machine is correctly displayed in all scenarios. I run into an issue when i try to issue a "dsniff -i eth0" command. I get the following:

    root@jacob-Ubuntu:/home/jacob# dsniff -i eth0

    dsniff: listening on eth0

    -----------------

    07/14/11 21:33:20 udp laptop01.local.63902 -> 10.10.0.30.161 (snmp)

    [version 1]

    public

    -----------------

    07/14/11 21:33:25 udp laptop01.local.63902 -> 10.10.0.30.161 (snmp)

    [version 1]

    public

    Leptop01 is the machine I am sniffing.

    Unlike in the episode, it will never show the url/un/pw that is flowing over the connection. I used Darren's example and tried logging into one of my ftp sites (so I know it is clear text) and I don't see the data listed. without doing anything, it will just keep populating those same

    07/14/11 21:33:25 udp laptop01.local.63902 -> 10.10.0.30.161 (snmp)

    [version 1]

    public

    over and over again until i stop it.

    I have tried to research this extensively by watching videos and reading everything I can find on the topic and have not been able to solve it. The only suspicion I have is I found someone with a similar problem and it was caused by vmware he was running, or so he says. When he switched to running ubuntu on a physical machine as the base OS, the problems went away, but correlation does not equal causation! Any pointers of areas I can research or try to solve this?

    Thanks so much in advance!

×
×
  • Create New...