
Lab 6 - MITM with Ettercap - ARP Poisoning

Description: In this lab, we will perform a man-in-the-middle (MITM) attack using Ettercap. Ettercap is
a comprehensive suite for man in the middle attacks. It features sniffing of live connections,
content filtering on the fly and many other interesting tricks. It supports active and passive
dissection of many protocols and includes many features for network and host analysis.

Requirements for the lab: Attacker Machine - Kali Linux / Parrot OS. Victim / target Machine –
Windows Machine (Win 7/ Win 8)

Step 1: Launch your attacker machine (Parrot virtual machine) and log in
Step 2: Go to Applications -> Pentesting -> Sniffing & Spoofing and then launch Ettercap-graphical.
Step 3: At the prompt, it will ask which adapter you want to use. You may choose unified
or bridged sniffing, and then click on start.
Step 4: Once this is done, scan for hosts. The scan will list the IP address of the default gateway
as well as the IP address of the target machine. Make sure that your target machine is up and
running before this step.
Step 5: Now, from the list of hosts, add the targets: add the IP address of the gateway as target 1
and the IP address of the victim as target 2.
Step 6: Now, from MITM Menu select the ARP Poisoning, and make sure that Sniff remote
connections option is checked.
Step 7: Ettercap has now poisoned the ARP tables of the gateway and the target. You
can now perform the MITM and sniff the traffic going from the target machine.
Step 8: Now, you can launch any network sniffer like tcpdump or Wireshark on the attacker
machine. I am using tcpdump, so I will open a separate terminal and type:
sudo tcpdump -i eth0 port 80 and host IP_Address_of_target
Step 9: The MITM attack is now in place, and any network activity on the target machine can be
observed with tcpdump.

Note: It will take several minutes to run the scan.
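
What Step 7 looks like from the target's side, as an added example that is not part of the original lab: after poisoning, the target's ARP cache maps the gateway IP to the attacker's MAC, so two IPs share one MAC. The script assumes Windows `arp -a` output; all addresses are constructed and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output on the Windows target before and after Step 7.
# All addresses are made up for this example.
ARP_BEFORE = """\
Interface: 192.168.56.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.56.1          52-54-00-aa-bb-01     dynamic
  192.168.56.30         08-00-27-cc-dd-30     dynamic
  192.168.56.255        ff-ff-ff-ff-ff-ff     static
"""
ARP_AFTER = """\
Interface: 192.168.56.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.56.1          08-00-27-cc-dd-30     dynamic
  192.168.56.30         08-00-27-cc-dd-30     dynamic
  192.168.56.255        ff-ff-ff-ff-ff-ff     static
"""

# One cache row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def parse_arp(text):
    """Return {ip: mac} for dynamic entries only (static/broadcast rows are skipped)."""
    return {ip: mac.lower() for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def find_poisoning(before, after):
    """Compare two snapshots; report changed bindings and MACs shared by several IPs."""
    old, new = parse_arp(before), parse_arp(after)
    changed = {ip: (old[ip], mac) for ip, mac in new.items()
               if ip in old and old[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = find_poisoning(ARP_BEFORE, ARP_AFTER)
    for ip, (was, now) in changed.items():
        print(f"ALERT {ip}: MAC changed {was} -> {now}")
    for mac, ips in shared.items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

A changed binding for the default gateway together with a MAC shared by the gateway and another host is the pattern to alert on; a static ARP entry for the gateway on the target prevents the cache from being overwritten this way.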

Question 1: Do you see any network traffic after performing MITM on tcpdump?

If yes, please write some of them below:

Question 2: Do you see any other active hosts after scanning the hosts on Ettercap-graphical?

If yes, please write some of them below:
