Looking at traffic patterns
Network sniffing can be a huge time saver. It is more difficult to use remote Windows machines to perform this task for you as the network card needs to be in promiscuous mode, but it can be done. Ideally, you will find a Unix or Linux host that can be turned into a listening station with little to no effort.
Here we look at a compromised Linux host on the 192.168.101.0/24 subnet. Our attacking machine resides on 192.168.75.0/24 and cannot see the same traffic that the Linux machine does. We will use tcpdump, which is readily available on many Linux distributions:
tcpdump -i eth0 -c 100 -n
Here we invoke tcpdump on the remote Kioptrix machine we have SSH'd into using the games account we set up during the post-exploitation chapter. We use the -i option to specify that we would like to use eth0 as our listening adapter. We then use -c to tell tcpdump to capture only the next 100 packets. The -n switch is used to avoid DNS lookups and will display IP numbers rather than...
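A capture like the one above leaves traces on the host: by default tcpdump sets the interface promiscuous and holds an AF_PACKET socket open while it runs. The following is an added example, not from the original text, of how an administrator can check a Linux host for both; the function names are hypothetical and the /proc/net/packet column order is assumed to match current Linux kernels.

```shell
#!/bin/sh
# Added example: spot capture activity (such as tcpdump -i eth0) on a Linux host.
# The optional path arguments exist only so the checks can run on fixtures.

IFF_PROMISC=0x100   # promiscuous bit in the interface flags word (<linux/if.h>)

# Print interfaces whose sysfs flags word has IFF_PROMISC set.
promisc_ifaces() {
    net_dir=${1:-/sys/class/net}
    for dev in "$net_dir"/*; do
        [ -r "$dev/flags" ] || continue
        flags=$(cat "$dev/flags")
        [ -n "$flags" ] || continue
        if [ $(( $flags & $IFF_PROMISC )) -ne 0 ]; then
            basename "$dev"
        fi
    done
}

# Print "ifindex uid inode" for packet sockets bound to ETH_P_ALL (0003),
# the protocol a capture-everything sniffer listens on.
sniffer_sockets() {
    awk 'NR > 1 && $4 == "0003" { print $5, $8, $9 }' "${1:-/proc/net/packet}"
}

# Print the PIDs that hold the socket with the given inode open.
socket_owner() {
    inode=$1; proc_dir=${2:-/proc}
    for fd in "$proc_dir"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
        pid=${fd#"$proc_dir"/}
        echo "${pid%%/*}"
    done | sort -un
}

# Full report; run as root so other users' file descriptors are readable.
sniffer_report() {
    promisc_ifaces | sed 's/^/promiscuous: /'
    sniffer_sockets | while read -r ifindex uid inode; do
        pids=$(socket_owner "$inode" | tr '\n' ' ')
        echo "packet socket ifindex=$ifindex uid=$uid inode=$inode pid=$pids"
    done
}
```

Call sniffer_report on the host being checked. The sysfs flags file is read because the promiscuous bit set by a packet socket is not reliably shown by ifconfig.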