Installing Ettercap + GTK3 on macOS or Linux-like systems to capture and analyze the neighbor's packets

Source: Internet
Author: User
Tags: gtk, file permissions

Recently the neighbor's night life has gotten out of hand: keyboard-smashing games, live piano singing, and video chats with all kinds of people. Every day after midnight it is laughter, shouting, piano and singing in turn. The shared router used to be under my control, only I knew the password, and I could at least throttle his speed. In the last couple of days this guy got hold of something, reset the router to factory settings, set his own admin password, and got even louder. Well, you have your clever plan, and I have my ladder over the wall.

"Ettercap is a powerful tool, practically a must-have, and the leader among software of its type. Ettercap is open source and cross-platform. In some respects it resembles dsniff, and it also works conveniently in a switched environment. Ettercap's original design and positioning was as a sniffer for switched networks, but as versions changed it gained more and more functions and became a powerful, effective and flexible piece of software. It supports active and passive protocol dissection and includes many network and host fingerprinting features."

---- from the web

I. Platform and software tools

Hardware: one MacBook Pro, i7 + 8 GB RAM + 256 GB SSD

Software that needs to be installed:

1. Homebrew, the package manager for macOS, similar to yum on CentOS or apt-get on Ubuntu.

2. Xcode, the integrated development environment (IDE) that runs on Mac OS X.

3. libtiff. TIFF is a flexible bitmap format, mainly used to store images such as photos and artwork; libtiff is the standard implementation of TIFF. With libtiff installed you can install GTK+3, and with GTK Ettercap can be displayed as a window.

4. GTK+3, a cross-platform graphics toolkit distributed as source code under the LGPL license.

5. Ettercap, described above, a powerful tool that is practically a must-have.


II. Installing the software

1. Homebrew installation

Homebrew installation is very simple, open the terminal to execute the command:

~ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

If Homebrew is already installed, run:

~ sudo brew update   # old versions of Homebrew
~ brew update        # new versions of Homebrew

Old versions of Homebrew required sudo, while new versions do not. I do not know exactly in which version sudo was dropped; try without sudo first, and add it if the update fails. After the update, installing software may fail. Then you need to check whether the ownership of directories such as /Users/$(whoami)/Library/Logs/Homebrew is root. If the directories and files are owned by root, you need to change their ownership back to your user; otherwise running with sudo reports that the permissions are too open, and running without sudo reports insufficient permissions.

2. Xcode can be found in the App Store and is free to install.

3. Installing libtiff

There are two ways to install libtiff, and neither is guaranteed to succeed: one is brew install, the other is compiling from source. Compiling throws all kinds of errors, and brew is likely to be blocked by the firewall, so either retry brew a few times or find a VPN connection; I did not really study the source build.

~ brew install libtiff

Or

~ wget <URL of tiff-4.0.6.tar.gz, not given in the original post>
~ tar xvzf tiff-4.0.6.tar.gz
~ cd tiff-4.0.6
~ ./configure --prefix=/usr/local
~ make
~ sudo make install   # installs under the --prefix set above
~ make clean

4. Installing GTK+3

~ brew install gtk+3


5. Installing Ettercap

~ brew install ettercap --with-gtk+

Without --with-gtk+, ettercap -G cannot be started, i.e. the graphical window is unavailable; only the command line or the curses pseudo-graphical interface can be used (the original post shows a screenshot of it here).


III. Capturing and analyzing packets

After installation, start the GTK interface with ettercap -G (remember to add sudo!):

~ sudo ettercap -G

[Three screenshots of the Ettercap GTK window omitted: startup, the Sniff menu, and interface selection]

The above steps are:

1. Choose Unified sniffing.

2. In the popup window select the network interface, usually the Wi-Fi one; you can check with ifconfig in the terminal.

3. Once selected you see the information above: the program has started listening on the chosen interface.


4. Choose Hosts > Scan for hosts to list the IP addresses of all clients on the LAN except this machine.

5. Click Hosts again and choose Hosts list to view the list.


6. Click the IP address you want to monitor and click Add to Target 1; you can add more than one.

7. Click the gateway address and click Add to Target 2. Depending on your setup, you can find the gateway with the following command:

~ netstat -rn | grep default | grep -e '[0-9]\{1,3\}\.[0-9]\{1,3\}\.'

What we are actually doing is inserting ourselves between Target 1 and Target 2, forwarding the traffic and keeping a copy of every packet on this machine.

You can also open the Targets menu, choose Current targets and set them in the popup, for example if the IP you want has not shown up in the scan.

It only needs to be an IP that exists on the network.

8. Choose the log file and fill in a file name; the program creates it automatically. I usually choose the /tmp directory, because many directories lack write permission. I did not look into this... in short, it is a trap: without permission the program simply exits.


9. Click ARP poisoning under the MITM menu. This starts ARP spoofing, so this machine now acts as a proxy for the gateway. But if you test it yourself, you will find the monitored machine can no longer reach the Internet, because the Mac does not have IP forwarding turned on.

Turn it on:

~ sudo sysctl -w net.inet.ip.forwarding=1

Turn it off:

~ sudo sysctl -w net.inet.ip.forwarding=0

With this switch you could set up a scheduled task that turns forwarding off every five minutes and back on half a minute later. Oh, I will let you enjoy half the night...


10. Use tail -f to watch the log being updated.


At this point the log looks garbled. The log suffix is .ecp, so when I set /tmp/test.log the file is actually /tmp/test.log.ecp. For this log format Ettercap has its own viewing tool, etterlog:

~ etterlog test.log.ecp

[Two screenshots of etterlog output omitted: captured HTTP headers, and other captured session data]

As in the two pictures above, the first shows captured HTTP header information; by visiting the host domain plus the URL I could download a video, which turned out to be a Weibo video my own phone was watching. Other things such as extracting headers, sessions, URLs, hosts, or even some encrypted packets still need to be worked out, and Chrome's EditThisCookie and Postman are great tools for that.
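From the defender's side, the ARP poisoning in step 9 is visible in the victim's own ARP cache: the gateway's MAC address changes, and the spoofing host's MAC suddenly answers for two IPs. The following Python script is an added example, not code from the original post or from Ettercap; it parses `arp -an` output in the macOS/BSD format and raises alerts on both indicators. The gateway address, the pinned known-good MAC and the sample ARP lines are all constructed.

```python
"""Spot the ARP poisoning described above from the local ARP cache."""
import re
import subprocess

# One resolved macOS `arp -an` line looks like (assumed format):
#   ? (192.168.1.1) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) on (?P<iface>\S+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return {ip: zero-padded lowercase mac}; '(incomplete)' entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            mac = ":".join(p.zfill(2) for p in m.group("mac").lower().split(":"))
            table[m.group("ip")] = mac
    return table

def check_arp(table, gateway_ip, pinned_gateway_mac):
    """Return alert strings: gateway MAC drift, and one MAC claiming several IPs."""
    alerts = []
    pinned = pinned_gateway_mac.lower()
    current = table.get(gateway_ip)
    if current is None:
        alerts.append(f"gateway {gateway_ip} missing from ARP cache")
    elif current != pinned:
        alerts.append(f"gateway {gateway_ip} MAC changed: {pinned} -> {current}")
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims several IPs: {', '.join(sorted(ips))}")
    return alerts

def live_check(gateway_ip, pinned_gateway_mac):
    """Run the same checks against this machine's real ARP cache."""
    out = subprocess.run(["arp", "-an"], capture_output=True, text=True, check=True).stdout
    return check_arp(parse_arp(out), gateway_ip, pinned_gateway_mac)

# Constructed sample: the gateway .1 now answers with the same MAC as host .23.
SAMPLE_ARP = """\
? (192.168.1.1) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
? (192.168.1.23) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
? (192.168.1.40) at a4:83:e7:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.255) at (incomplete) on en0 ifscope [ethernet]
"""
KNOWN_GATEWAY_MAC = "b0:95:75:aa:bb:cc"  # assumed: recorded while the network was trusted

if __name__ == "__main__":
    for alert in check_arp(parse_arp(SAMPLE_ARP), "192.168.1.1", KNOWN_GATEWAY_MAC):
        print("ALERT:", alert)
```

Run `live_check("<your gateway IP>", "<its MAC recorded on a trusted day>")` from cron or launchd to get a notification as soon as the gateway entry drifts.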

This article is from the "11403817" blog, please be sure to keep this source http://11413817.blog.51cto.com/11403817/1953668
