Another proof of concept of ARP-spoofing making it possible to sniff traffic is ettercap. This utility allows an unprecedented level of ability to listen to and inject network traffic.
The default behaviour of Ettercap is as follows:
It first ARP-storms the local subnet it is run from, gathering the MAC addresses of all hosts on the subnet.
It then uses NMAP-style OS detection and gathers all of the information for the subnet into a large list.
At this point, the user is left to select a source address to sniff traffic from.
Ettercap found here:
Keep in mind that many network admins don't like it if you do this sort of thing without permission, so ask first.
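From the network admin's side, the two stages described above leave distinct traces in ARP traffic: the storm shows up as one MAC requesting many addresses in a short time, and the spoofing as one IP being claimed by more than one MAC. The following is an added example, not part of the original text and not Ettercap code; the record format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed ARP observations: (time_s, op, sender_mac, sender_ip, target_ip)."""
    scanner = "02:00:00:00:00:66"  # constructed address of the sweeping host
    recs = [(0.1 * i, "request", scanner, "192.0.2.50", f"192.0.2.{i}")
            for i in range(1, 21)]                      # the ARP storm
    recs += [
        (1.0, "reply", "02:00:00:00:00:01", "192.0.2.1", "192.0.2.50"),
        (30.0, "request", "02:00:00:00:00:10", "192.0.2.10", "192.0.2.1"),
        (30.1, "reply", "02:00:00:00:00:01", "192.0.2.1", "192.0.2.10"),
        # Later, the scanner's MAC answers for the gateway's IP (spoofed reply).
        (40.0, "reply", scanner, "192.0.2.1", "192.0.2.10"),
    ]
    return recs

def detect(records, window=5.0, sweep_threshold=10):
    """Return (sweepers, conflicts).

    sweepers:  MACs that sent ARP requests for at least sweep_threshold
               distinct targets within `window` seconds.
    conflicts: IPs that were announced by more than one sender MAC.
    """
    requests = defaultdict(list)   # sender_mac -> [(time, target_ip)]
    bindings = defaultdict(set)    # sender_ip  -> {sender_mac, ...}
    for t, op, mac, ip, target in records:
        if op == "request":
            requests[mac].append((t, target))
        if ip != "0.0.0.0":        # ARP probes carry no sender IP
            bindings[ip].add(mac)

    sweepers = set()
    for mac, reqs in requests.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # Slide the window start forward until it spans <= window seconds.
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            if len({tgt for _, tgt in reqs[start:end + 1]}) >= sweep_threshold:
                sweepers.add(mac)
                break

    conflicts = {ip: sorted(m) for ip, m in bindings.items() if len(m) > 1}
    return sweepers, conflicts

if __name__ == "__main__":
    print(detect(build_sample()))
```

In practice the records would come from a capture or switch log, and a legitimate address change (DHCP reassignment, failover) also produces a conflict, so findings need to be checked against known changes.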