cain & able

hey guy's anyone familar with cain & able I was wondering why my ethernet interface address (10.1.2.160) isn't showing up in the dialog box?

2256411368_bbd27ae820_o.jpg
What's another word for Thesaurus?

Comments

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    Can you see the IP address when you do an ipconfig /all? If so, with what device is it associated? It may be that C&A can't configure (sniff) that type of device, so it doesn't list it.
  • aueddonlineaueddonline Member Posts: 611
    It shows up in the ipconfig /all readout,

    the 10.1.2.160 is tha ethernet adapter on the laptop i have C&A on, the 192.168.2.4 that shows in the dialogbox is the wireless adapter on the same laptop.

    before I changed the ethenet address of my laptop to 10.1.2.160 the sniffer worked fine on that interface and the IP address was showing up in the dialog box (the first in the list).
    What's another word for Thesaurus?
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    Your laptop can communicate using the 10.1.2.160 adapter? If you change the network adapter back to the previous IP address and netmask, does C&A see it again? Was the previous IP address on the same subnet as your wireless adapter?
  • aueddonlineaueddonline Member Posts: 611
    yes it does see it if I change it back

    yes the two are on the same subnet
    What's another word for Thesaurus?
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    Try disabling the wireless adapter and see if C&A can suddenly see the 10.1.2.160 adapter. Is your laptop configured to act as a router between the two adapters?
  • aueddonlineaueddonline Member Posts: 611
    ok i tried disabling the wireless adapter and what happen was that disapeard in the dialog box but the address of the the ethernet adapter was 255.255.255 etc, same as before.

    the only difference with the two setups I have is that when using the 10.1.2.160 address the ethernet is connected to a cisco switch.

    and when using the 192.168.2.2 the address is given out via DHCP by my home belkin router which has a hub in the back of it, which the ethenet is connected to
    What's another word for Thesaurus?
  • aueddonlineaueddonline Member Posts: 611
    i forgot to mention your router point

    as far as I know the laptop is not acting as a router between the two, how would i know?

    I can normally access two networks at the same time is I have each NIC configured on different subnets,
    What's another word for Thesaurus?
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    Well, I'm a bit stumped. I use Cain on a computer with multiple Ethernet adapters on multiple subnets, including VMWare virtual adapters, and Cain can see and use all the adapters. When I en/disable adapters, or change their IP address, they change and dis/appear from Cain without needing to reboot. All Cain is doing is reading the list of enabled network adapters from Windows each time the Configuration Dialog box is displayed.

    Why Cain would choose not to display an adapter when only its IP address is changed is a mystery to me. If it never displayed the adapter then I'd say that WinPcap doesn't support the adapter's driver, but you have the latest WinPcap (v.4.0.2) installed. The only thing I can think of is to install WinDump and run the WinDump -D command to see if the adapter is detected by WinPcap. I assume it will be.
  • aueddonlineaueddonline Member Posts: 611
    i just checked the 'start sniffer on startup box' in the dialog box above and it's showing the IP address and mask now, I swear i had that box checked before with no change so don't know if that's what has done it

    the ' windump -d' command is only showing listening on the wireless adapter so i might not be at the end of the tunnel yet.

    thanks for your help JD, Appreciated
    What's another word for Thesaurus?
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    i just checked the 'start sniffer on startup box' in the dialog box above and it's showing the IP address and mask now, I swear i had that box checked before with no change so don't know if that's what has done it
    That should have no effect. I select different network adapters all the time with the sniffer either on or off, and I've never seen a disappearing adapter before.
    the ' windump -d' command is only showing listening on the wireless adapter so i might not be at the end of the tunnel yet.
    That's a bad sign. Do you have the latest release of your adapter's driver installed?
    thanks for your help JD, Appreciated
    It's no problem at all; I love a good computer mystery! :D
  • aueddonlineaueddonline Member Posts: 611
    hey I worked out what it was, i was just having trouble with the other client on the subnet as it couldn't ping the switch.

    Both devices had the same IP icon_rolleyes.gif I know I'm bad, really bad

    so what must have happened is the PC loaded up first before and started using the ip address first, stopping my laptop using it.

    And the second time round the laptop got there first and C&A liked the interface, explains why changing the IP back to the 192 had it working again.

    still having the 'windump -d' problem I have 4.0.2 installed because it came with wireshark i did download that before C&A, in programs I can only see the one version, I might re install C&A tomorrow and see what version it's using, check it's the new one.


    On a brighter note i just did my first poison arp and sniffed the password the imaginary administrator was using to telnet to the switch


    Happy days
    What's another word for Thesaurus?
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    Duplicate IPs was enough to prevent WinPcap from recognizing the adapter? That doesn't make sense to me at all. I just tried that on my own network and Cain still showed the adapter. Still, I'll be making a note of that in my long-term memory. Good detective work!
Sign In or Register to comment.