220 Practical Hacking Techniques and Countermeasures
To stop the capture, hold down the Ctrl key and press the C key.
Ngrep also allows its output to be redirected to a file for later analysis.
This is done with the syntax:
ngrep >> output.txt
Ngrep will now start capturing all data to and from the computer it is
running on and save it to a file named output.txt.
To stop the capture, hold down the Ctrl key and press the C key.
By opening the output.txt file for analysis, it was determined that the user
logged into an FTP server. As FTP data is sent unencrypted (plain text), ngrep
easily captured the username/password. In this example:
The username is hacker.
The password is hacktheplanet.
*Note: Attackers are looking for any unencrypted (plain text) data that flows along
the network. Some of the items of interest include:
Usernames
Passwords
E-mails
IP addresses
Media Access Control (MAC) addresses
Router IP addresses
Lab 43: Packet Capture - Sniffer
Exploit Data from Network Traffic: Tcpdump
Prerequisites: NULL Session
Countermeasures: Encryption, various sniffer detector applications
Description: The Tcpdump command captures packets as they traverse
the network. If run with the -w flag, the data is saved to a file for
later analysis. If run with the -r flag, Tcpdump will read from a saved
packet file rather than read packets from a network interface.
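The two labs above make one point between them: a saved capture (tcpdump -w) can be replayed later (tcpdump -r), and any protocol that sends credentials in the clear, FTP being the example, hands them to whoever holds the file. The following is an added example, not code from the book: it writes a minimal libpcap file of the kind tcpdump -w produces, walks it the way tcpdump -r does, and reports FTP USER/PASS commands found in the clear, the check an administrator would run over their own captures to find services that still need to be moved to an encrypted protocol. The addresses, ports and packet contents are constructed; checksums are left zero since the frames are only parsed, never sent.

```python
"""Write and read a tcpdump-style pcap file offline, then flag cleartext FTP
logins in it. Added example, not the book's code; all traffic is constructed."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_tcp_packet(src_ip, dst_ip, sport, dport, payload, seq=1):
    """Build a minimal Ethernet/IPv4/TCP frame carrying `payload`.
    Checksums are zero: this is a constructed sample for parsing only."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # dst, src, type=IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      5 << 4, 0x18, 65535, 0, 0)              # 20-byte header, PSH|ACK
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Serialize frames in the libpcap format that `tcpdump -w` writes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # per-record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def read_pcap(data):
    """Yield (src_ip, sport, dst_ip, dport, payload) for every TCP packet,
    walking the file the way `tcpdump -r` does."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, offset)
        frame = data[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue                                          # not IPv4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        ip = frame[14:14 + total_len]
        if ip[9] != 6:
            continue                                          # not TCP
        ihl = (ip[0] & 0x0F) * 4
        src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        tcp = ip[ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off = (tcp[12] >> 4) * 4
        yield src_ip, sport, dst_ip, dport, tcp[data_off:]


def find_cleartext_ftp_logins(data, ftp_port=21):
    """Report USER/PASS commands sent in the clear to an FTP control port.
    The password is masked in the report; the finding is the exposure itself."""
    sessions = {}
    for src_ip, sport, dst_ip, dport, payload in read_pcap(data):
        if dport != ftp_port or not payload:
            continue
        entry = sessions.setdefault((src_ip, sport, dst_ip),
                                    {"client": src_ip, "server": dst_ip})
        for line in payload.decode("ascii", "replace").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() == "USER":
                entry["user"] = arg.strip()
            elif cmd.upper() == "PASS":
                entry["password"] = "*" * len(arg.strip())
    return [s for s in sessions.values() if "user" in s and "password" in s]


# Constructed sample capture: one FTP login like the one the lab describes.
CLIENT, SERVER = "192.168.1.10", "192.168.1.20"
SAMPLE_PCAP = build_pcap([
    build_tcp_packet(SERVER, CLIENT, 21, 40000, b"220 Service ready\r\n"),
    build_tcp_packet(CLIENT, SERVER, 40000, 21, b"USER hacker\r\n"),
    build_tcp_packet(SERVER, CLIENT, 21, 40000, b"331 Password required\r\n"),
    build_tcp_packet(CLIENT, SERVER, 40000, 21, b"PASS hacktheplanet\r\n"),
    build_tcp_packet(SERVER, CLIENT, 21, 40000, b"230 Login successful\r\n"),
])

if __name__ == "__main__":
    for f in find_cleartext_ftp_logins(SAMPLE_PCAP):
        print(f"cleartext FTP login {f['client']} -> {f['server']}: "
              f"user={f['user']} password={f['password']}")
```

To run it against a real capture, replace SAMPLE_PCAP with the bytes of a file written by tcpdump -w (the reader only handles the classic little-endian pcap format, not pcapng). The report masks the password deliberately: for an audit, knowing that a login crossed the wire in plain text is the finding, and the fix is the encryption the lab lists as its countermeasure (SFTP or FTPS in place of FTP), not a record of the secret.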