Cain Grab Bag Guide

Cain Grab Bag Guide 1, Introduction:

There is often a need to capture communication messages between devices during development testing, but sometimes the device being grabbed does not communicate directly with the host or device that is grabbing the packet, so it will not achieve the desired effect. Common ways to solve this problem are:

(1), set the agent for the device that is caught, the packet is redirected to the agent, the agent is forwarded to the target machine, and then the packet is caught on the agent machine. Advantages: Easy to set up, capture data targeted, easy to analyze. Cons: Many apps do not support proxy functionality.

(2), using the hub, that is, the gripper machine and the target machine connected to the same hub, through the promiscuous mode of grasping packets. Pros: Easy to set up. Disadvantage: Need hardware cost support, hub has been eliminated is not easy to buy use.

(3), the use of specific software to the local area network traffic to force the guidance of the grab Charter. Advantages: Versatility, adaptable to more scenes. Disadvantage: When the local network traffic is large, it may cause network congestion.

This article mainly focuses on the 3rd use of the method of elaboration.

2, Working principle:

Traffic during normal operation:

After starting the software, the target machine traffic traffic is forced to the capture host, the purpose of "sniffing".

3. Implementation steps:

3.1. Download and install Cain (address not provided in this document) on the catch Charter.

3.2. Start the Cain and open the sniffer as shown:

3.3, right-click on the Host tab, select "Scan MAC Address", this time the software will detect all the surviving hosts in the LAN, as shown in:

3.4. Select the "APR" tab and select the blank area of the "Sniffer" tab, followed by the "+" button:

3.5. In the popup dialog box, set the traffic to be hijacked. You can choose to monitor the traffic flow between one device and one other and multiple devices, as shown in the sample:

3.6. Start packet sniffing, when the status bar changes, once the sniffer starts, it means that the target host's packet being monitored has begun to be forced to guide the grab machine:

3.7. Start Wireshark to catch the communication message of the target device being monitored.

4. Precautions:

4.1, the software with a certain hacker nature, may bring some risks (such as network congestion, leakage of privacy and trigger virus alarm, etc.), users should be reasonable assessment of the use of the environment, to minimize the impact on the environment.

4.2, if the software is killed by anti-virus software, you can set an exception in the anti-virus software, the more recommended practice is to run the software in the virtual machine, to avoid the risk of malicious code.

Cain Grab Bag Guide