Re: about sniffing

To: Nikolay Hristov <geroy@mbox.stemo.bg>
Cc: debian-security@lists.debian.org
Subject: Re: about sniffing
From: Nicholas Prey? <nalp@gmx.net>
Date: Sat, 21 Jul 2001 22:12:16 +0200
Message-id: <[🔎] 3B59E220.6050001@gmx.net>
References: <[🔎] 007501c1126f$2ed279a0$0201a8c0@pukn>

Nikolay Hristov wrote:

> I've found some utilities that claims that can sniff ssh1 and httpstraffic

>  (man-in-the-middle attack) - http://ettercap.sourceforge.net
>

> Is it true? And why are these certificates and SSL support for webservers?

>  Can someone explain why it is possible or why it isn't? Or give  some
>  links to read about this problems.
>
>
>
> Nikolay Hristov


Yes, ettercap works quiet well. I tried 0.4.2 with ssh1 several times
and it was really easy to sniff the connection. I suppose it works
because all the traffic between the two communicating hosts is routed
over the sniffing guy.
The programm first divides the connection in 2 ssh sessions.
One from the initiator to the sniffer, and a new one from the sniffer to

the originial destination person. So the programm gets the session keyand can retreat, because now it can sniff passively the connection.The programm files includes a very good readme with a technical paperproviding details about the different features.I didn't find any information about the https feature nor i have used itmyself so far.I would suggest for further informations you use their tech-forum or askone of the coders, they are extraordinary helpful.


mfg
Nicholas
Sorry for
 my bad english.

Reply to:

References:
- about sniffing
  - From: "Nikolay Hristov" <geroy@mbox.stemo.bg>

Prev by Date: Re: about sniffing
Next by Date: Re: red worm amusement
Previous by thread: Re: about sniffing
Next by thread: iptables logging
Index(es):
- Date
- Thread