I read the Hacking Online Banking and Credit Card Transactions, but instead of getting banking password, i just want to sniff msn passwords, any webpage input the user sends. I turn fragroute, arpspoof and dnsspoof and i could see some information going thru my machine, and most of the things i couldn't understand. are the information on dnsspoof encrypted?
What else do i have to do to see the information that the user is sending and receiving to the net?
Thanks!

ps: I found this site yesterday and i'm loving it. lots of interesting things to read.
Good job!

First, thank you!

Second, I know it's illegal, thats why i'm testing in my own network.

Third, the target is in the same network

Fourth, the target is in the same network

Fifth, isn't fragroute the program that fowards the packets coming to your computer out? i guess i was wrong =/

Sixth, MSN was just an example, i wanted to see all data input the source sends to the internet. i didn't know msn convertations were encrypted.

I'll take a look at this WireShark, i read about it but never used.

So, All i need is arpspoof and WireShark?

I also use NetWitness when I need to reassemble data into readable format.   Wireshark has some incredible tools for piecing together and interpreting readable data from various protocols.  I think that NetWitness takes that to a new level.

If I am not wrong Cain & Abel might be interesting for you too.

Well, depending on what you're trying to see...  if it's ssl encrypted, you won't find much, without first either having the certs to decrypt the traffic, or doing an arp man-in-the-middle for the ssl session.

If it's not SSL, then it depends, again, on what you want to narrow it down to.  Do you have one IP address in mind, to grab traffic from, and want to eliminate others?  You can filter on ip.addr == ipaddress (where ipaddress is the target IP you want traffic to and from)  or if you know both ends, you can do the same thing twice, with && in between, to catch all traffic between the two IP's.  You can also experiment with port filters, if you KNOW everything you want is on 80, or another port.

It's all stuff you'll need to practice and play with.  If you're not used to doing traffic analysis with Wireshark, there are numerous books, online tutorials, and even paid CBT and video learning courses for it.  Laura Chappell's stuff is excellent to learn from.  Well worth the time and money, if you can afford them.

Tim (Hayabusa0194)