
IDEA: LAN Email monitoring


Gothi[c]:
I'd go for ettercap since it can do much more than Cain can. Cain is good for sniffing VoIP stuff.
You can write custom ettercap filters that fetch the email for you.
Ettercap can be fully extended with plugins as well. It requires some scripting on your part, but the tradeoff is that you can completely customise which data to capture and how to process it.

You can use ettercap in combination with ethereal if you want, or any other sniffer. You can use ettercap for ARP poisoning, and ethereal for filtering data without having to go through any script writing in ettercap.

Here is a screenshot with ethereal and an email filter applied. (I only added the pop protocol, you could make it capture both pop and smtp if you want)

Using ettercap's ARP poisoning features you can capture all data on the network (so not just data from / to your machine).

By default, ethereal captures silently (to avoid overflowing the buffer when a lot of data gets sent really fast and there are no filters set), but you can enable live data monitoring.

(the screenshot is taken on linux but it also runs on windows.)


http://www.ethereal.com/
http://ettercap.sourceforge.net/

Gothi[c]:
By the way, here's the source code for an ettercap filter that will log all email sent over the network to a file, and display a message in the window every time it captures email data. (Remember that it needs to be compiled with etterfilter first.)


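# Match TCP segments whose source port is POP3 (110) or SMTP (25).
if (ip.proto == TCP) {
   if (tcp.src == 110 || tcp.src == 25) {
      msg("Captured some email data!");
      # Dump the packet payload to the log file.
      log(DATA.data, "C:\\email.log");
   }
}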

You can replace the C:\email.log with any file you want to log to, but remember to use double backslashes (\\) because backslash is an escape character in C.


Gothi[c]:
Note that you can also use ethereal with Cain, if ettercap looks too difficult. The Cain interface is a bit easier to work with. You can use Cain for ARP poisoning, and then capture all data in ethereal or any other sniffer.
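
The ARP poisoning these posts rely on is visible from any host on the LAN: the gateway's IP suddenly resolves to a different MAC, and one MAC answers for several IPs. The following is an added example, not part of the thread or of ettercap, that compares two ARP cache snapshots (`ip neigh` or `arp -a` output) for those signs; the sample tables and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample ARP caches (not from the thread): Linux `ip neigh`
# style before, Windows `arp -a` style after the gateway entry was replaced.
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:aa:bb:cc:dd:20 STALE
192.168.1.66 dev eth0 lladdr 00:de:ad:be:ef:66 REACHABLE
"""
AFTER = """\
  192.168.1.1           00-de-ad-be-ef-66     dynamic
  192.168.1.20          00-aa-bb-cc-dd-20     dynamic
  192.168.1.66          00-de-ad-be-ef-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

def parse_arp_table(text):
    """Return {ip: mac} from `ip neigh` or `arp -a` output, MACs normalised."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines, incomplete entries
        norm = mac.group(1).lower().replace("-", ":")
        if int(norm[:2], 16) & 1:  # broadcast/multicast MAC, not a host
            continue
        table[ip.group(1)] = norm
    return table

def find_poisoning(before, after):
    """Flag IPs whose MAC changed and MACs claimed by more than one IP."""
    changed = {ip: (before[ip], mac) for ip, mac in after.items()
               if ip in before and before[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = find_poisoning(parse_arp_table(BEFORE), parse_arp_table(AFTER))
    for ip, (old, new) in changed.items():
        print(f"ALERT {ip}: MAC changed {old} -> {new}")
    for mac, ips in shared.items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

A shared MAC can also be legitimate (proxy ARP, a multi-homed host), so treat a hit on the gateway's IP as the strongest signal.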
