From charlesreid1

This page covers man-in-the-middle attacks and the tools that focus on sniffing traffic.

Options

When it comes to sniffing traffic during a man-in-the-middle attack, you have multiple options. You can use a tool that conducts the man-in-the-middle attack and has sniffing functionality built in (e.g., Ettercap). You can use tools that expect a tapped network connection to already exist. You can even capture traffic from a man-in-the-middle session and record it for later offline analysis.

Different tools suit different objectives and techniques.

Ettercap

Ettercap is a tool for conducting man-in-the-middle attacks that has sniffing functionality built in. Ettercap works by creating a network bridge between two network interfaces, and it allows you to look at (and modify) traffic that flows through that bridge. The sniffing comes along for the ride when you use Ettercap.

Dsniff

Dsniff is a suite of tools, each relating to particular protocols. It has the capability to deal with SSL/SSH/HTTPS. It can also deal specifically with web traffic, email traffic, FTP, SQL, SOCKS, CVS, images, etc. This provides a very targeted method of attacking streams of particular types of data.
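The offline-analysis option and the protocol-specific targeting described above have a defensive counterpart: auditing a recorded capture for services that still accept cleartext traffic. The following is an added example, not code from the original page or from any of the tools it names. The port watch list, the sample addresses and all function names are assumptions, and the capture is constructed inline.

```python
import socket
import struct
from collections import Counter

# Well-known ports of protocols that carry data unencrypted (assumed watch list).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap"}

def tcp_frame(src, dst, sport, dport):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample data)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def cleartext_exposure(pcap):
    """Count packets per (server IP, service) sent to a cleartext service port."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 4:
            continue  # truncated before the TCP port fields
        dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
        if dport in CLEARTEXT_PORTS:
            hits[(socket.inet_ntoa(frame[30:34]), CLEARTEXT_PORTS[dport])] += 1
    return hits

# Constructed capture: two FTP packets, one HTTP packet, one HTTPS packet.
SAMPLE = build_pcap([
    tcp_frame("10.0.0.5", "10.0.0.20", 40000, 21),
    tcp_frame("10.0.0.5", "10.0.0.20", 40000, 21),
    tcp_frame("10.0.0.6", "10.0.0.30", 40001, 80),
    tcp_frame("10.0.0.6", "10.0.0.30", 40002, 443),
])
```

Every (server, service) pair in the result is a service whose traffic is readable by anyone positioned on the path, which makes it a candidate for migration to an encrypted equivalent.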
