Ettercap

I spent some time today playing around with Ettercap, the ARP poisoning tool. (On our own network, of course.) Sometimes it is fun to watch network traffic with e.g. Ethereal, but if you use a switched network, you can only see the traffic coming and going to the machine doing the sniffing. Ettercap allows you to spoof the ARP entries in other machines on the network so that their traffic is redirected through your sniffer. Today, I was using tulip (running Debian) as the sniffer and targeted harpsichord (running XP) to see if it would work. I was easily able to capture http traffic to and from harpsichord. Happily, I didn't see any passwords go by in the clear. Of course, just a cursory examination proves little. I was a little confused when I opened a samba share that resides on daisy without seeing any traffic being logged on the sniffer. How were those samba packets getting around the ARP poisoning? I'm embarrassed it took me a while to realize that I had only poisoned harpsichord and the gateway. Since daisy and harpsichord are on the same subnet, they communicate without the aid of the gateway. Poisoning daisy, the smb traffic was revealed.

I have in the past noticed the number of unsolicited packets coming off the Internet that get dropped by our firewall. Mostly, they are aimed at the windows file sharing ports. Supposedly these are due to worms attempting to infect other systems. Someday, I might try exposing an un-updated XP machine through the router's DMZ to see how long it takes to get infected. That's where Ettercap comes in. Right now, I don't have a computer that I can use as a guinea pig, though.

In other news, I am now using a shared apt cache to update my Debian/Testing systems. I just added a noauto entry to /etc/fstab that I can mount over /var/cache/apt/archives before running apt-get upgrade.

I finally fixed the power connector on the Sony laptop. It has a nonstandard barrel type connector. The ring contact consists of a little copper tab on the inside of the back of the jack. The rest of the jack is plastic, except for the tip contact. Over time, the ring contact had weakened and moved away from the inside of the jack until it could no longer make a good connection to the plug. I took the laptop apart, which is a pain in the ass, and unsoldered the power jack. To get the ring contact to extend further into the jack, I wedged a little bit copper wire between the contact and the housing. The plug now fits much more snuggly, and the connection seems good. Unfortunately, at one point I walked away to get a tool, and the damn soldering iron moved over and melted a hole in the plastic of the laptop's case. Luckily, it only did cosmetic damage. Not one of my best repair jobs, though.