mixtools
little tools
Updated Mar 08, 2008 by glenn.chen01
sniff  

http://www.openmaniak.com/tcpdump.php

http://www.networksorcery.com/enp/default0904.htm

http://www.ethereal.com/faq.html#promiscsniff

http://tutorials.papamike.ca/pub/tcpdump.html

ettercap

ettercap -T // (all hosts)

ettercap -G (GTK front end, scan host, then start sniffing)

dsniff

webspy host tcpkill dsniff

arpspoof dnsspoof dsniff filesnarf macof mailsnarf msgsnarf sshmitm tcpkill tcpnice urlsnarf webmitm


In Windows:

windump -D (discover interfaces)

windump -i 2 (use interface 2)

windump -i 2 -w d.pcap (-w d.txt, save to d.txt, only on tcp port 80)

windump -r d.pcap -w http.pcap tcp port 80 (read the dump file, and write to http.pcap with info on tcp port 80)

windump -XX -r d.pcap (print header and data in hex and ASCII)

Case study:

netstat -n (print numeric)

netstat (get the host name, confirm with the numeric)

tcpdump (or windump, then save the file)

Then read the packets file with tcpdump to find the HTTP GET request (find what file we are getting).

host + file = absolute path.
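
The last step of the case study (read the saved capture, find the HTTP GET, join host and file), as an added Python example that is not part of the original notes. It assumes a classic pcap file with Ethernet/IPv4/TCP frames and a request that fits in one TCP segment; the function names, the sample capture and its host and path are constructed for illustration.

```python
import struct

def http_get_urls(pcap):
    """Absolute URLs of HTTP GET requests in a classic pcap (Ethernet/IPv4/TCP)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    urls, off = [], 24                                   # records follow the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        url = url_from_frame(pcap[off + 16:off + 16 + incl_len])
        if url:
            urls.append(url)
        off += 16 + incl_len
    return urls

def url_from_frame(frame):
    """Return 'http://' + Host header + request path, or None if not a GET."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                                      # short, not IPv4, or not TCP
    tcp = 14 + (frame[14] & 0x0F) * 4                    # skip IP header (IHL words)
    if len(frame) < tcp + 20:
        return None
    ip_end = 14 + struct.unpack("!H", frame[16:18])[0]   # IP total length
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
    if not payload.startswith(b"GET "):
        return None
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    request = lines[0].split(" ")
    hosts = [v.strip() for k, _, v in (l.partition(":") for l in lines[1:])
             if k.strip().lower() == "host"]
    if len(request) < 2 or not hosts:
        return None
    return "http://" + hosts[0] + request[1]             # host + file

def sample_pcap():
    """Constructed capture: one HTTP GET frame and one non-HTTP TCP frame."""
    def frame(payload):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         b"\xc0\x00\x02\x0a", b"\xc0\x00\x02\x50")
        tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
        data = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        return struct.pack("<IIII", 0, 0, len(data), len(data)) + data
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    get = b"GET /files/report.pdf HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    return header + frame(get) + frame(b"\x16\x03\x01not-http")
```

Calling `http_get_urls(open("http.pcap", "rb").read())` runs it on the file written by the `windump -r d.pcap -w http.pcap tcp port 80` step; on the constructed sample it returns the single URL built from the Host header and the requested file.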


arp

arp -a (display all ip->mac)

