Thread: iLiad How I failed to catch the update process
View Single Post
Old 08-08-2006, 09:37 AM   #9
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,583
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
Quote:
Originally Posted by deadite66
well i had a try at catching the ids traffic with a mitm attack via lan/wlan with ettercap.
tried my router and setting my laptop at an open AP but i've given up, ettercap didn't seem to do anything on the router and the iliad wouldn't connect to the laptop
Good idea, I brought it up earlier but it didn't seem that too many people were interested. Let me help you with setting up the ARP spoofing:

Let's assume:
  • your router has the IP 192.168.0.1 and acts as the gateway
  • your iLiad has the IP 192.168.0.10
  • your laptop has the IP 192.168.0.11

Then use the following Ettercap commandline to log all traffic between your router and the iLiad:

Code:
ettercap -T -L /tmp/logfile.log -M arp:remote /192.168.0.1/ /192.168.0.10/
If iDS uses a secured connection (over SSL), you'll have to do some extra work to import the certificate into Ettercap.
TadW is offline   Reply With Quote