Author Topic: attack in a LAN (Read 1708 times)

L0pht · « **on:** April 12, 2015, 12:01:11 pm »

Hello
i am present in a network that everyone connected to internet via a Pptp connection, how can i sniff traffics via dns / arp spoofing? when i run wireshark all of packets keeps ina a GRE tunnel...

and question 2: is there anyway to perform ARP spoofing that antiviruses not detect ?

thanks a lot

d4rkcat · « **Reply #1 on:** April 12, 2015, 03:19:38 pm »

is it your home network?

reap- · « **Reply #2 on:** April 12, 2015, 09:58:01 pm »

turn the Grumpy Resident Entropy to +12udB in Wireshark options. That will decrypt those pesky GRE packets.

good luck!

L0pht · « **Reply #3 on:** April 13, 2015, 07:35:28 am »

thanks for answers:

Quote

is it your home network?

yes , a lab test.

Quote

turn the Grumpy Resident Entropy to +12udB in Wireshark options. That will decrypt those pesky GRE packets.

what is it? its a add-ons?

P!X3LTR0N · « **Reply #4 on:** April 16, 2015, 07:36:13 am »

Quote from: L0pht on April 13, 2015, 07:35:28 am

thanks for answers:yes , a lab test.what is it? its a add-ons?

This might help you to understand what an "entropy" is:
https://wirewatcher.wordpress.com/2009/09/24/detecting-encrypted-traffic-with-net-entropy-part-two/
http://flylib.com/books/en/2.961.1.61/1/
Try playing with the options as reap said.

Pixel

Spacecow · « **Reply #5 on:** April 18, 2015, 05:36:05 am »

Quote from: reap- on April 12, 2015, 09:58:01 pm

turn the Grumpy Resident Entropy to +12udB in Wireshark options. That will decrypt those pesky GRE packets.

good luck!

This, also the fact your name is L0pht makes me sad

But I do recommend understanding the basics of networking, do that and you will be able to answer the question yourself.

L0pht · « **Reply #6 on:** April 19, 2015, 04:58:37 pm »

P!X3LTR0N
thanks man, it's new for me.
---------------------
Spacecow
i don't think it was basics of networking!! maybe you are so professional and blackhat! in order, I am looking for a new method for getting traffic!
arp/dns/side and all others are classic and traditional!

P!X3LTR0N · « **Reply #7 on:** April 21, 2015, 07:13:25 am »

Quote from: L0pht on April 19, 2015, 04:58:37 pm

P!X3LTR0N
thanks man, it's new for me.
---------------------
Spacecow
i don't think it was basics of networking!! maybe you are so professional and blackhat! in order, I am looking for a new method for getting traffic!
arp/dns/side and all others are classic and traditional!

Simple question, have you tried using ettercap to sniff these packets?

L0pht · « **Reply #8 on:** April 21, 2015, 06:30:54 pm »

yes man. but problem is : anti viruses detect arp spoofing attack! i want to do this attack silent without detection.

P!X3LTR0N · « **Reply #9 on:** April 21, 2015, 06:52:07 pm »

Doesn't ettercap have a silent mode? And as far as I know you are able to turn off ARP... You just change the option to disable MITM attacks and then you should be ok, because you should still receive packets...

EvilZone

News:

Author Topic: attack in a LAN (Read 1708 times)

L0pht

attack in a LAN

d4rkcat

Re: attack in a LAN

reap-

Re: attack in a LAN

L0pht

Re: attack in a LAN

P!X3LTR0N

Re: attack in a LAN

Spacecow

Re: attack in a LAN

L0pht

Re: attack in a LAN

P!X3LTR0N

Re: attack in a LAN

L0pht

Re: attack in a LAN

P!X3LTR0N

Re: attack in a LAN