A: This can happen after WinPcap installation. Try rebooting the system.
A: Passwords and hashes are stored in .LST files in the program's directory. These are comma-separated files, so you can view or import them with your preferred word processor. For example, POP3.LST contains passwords and hashes sniffed from the POP3 protocol.
A: You can't, because you need APR and a Man-in-the-Middle condition to do that. These protocols are based on asymmetric encryption, so something in the communication (encryption keys and certificates) needs to be changed on the fly. The WinPcap driver, by design, cannot block packets when they enter or leave your network card, so the fake information cannot be injected correctly.
A: The sniffer supports DES, 3DES and Blowfish.
A: No, DSniff works in HALF-DUPLEX PROXY mode, which means that the victim machine talks to the SSH-1 server by means of the sniffer using sockets. In this situation only the client-side traffic is decrypted, and the sniffer establishes a socket connection to the SSH server, exposing its IP address. Cain uses APR and works in FULL-DUPLEX STEALTH mode, decrypting both client and server traffic. If spoofing is enabled, the sniffer's IP and MAC addresses are never exposed to the victim. Try a "netstat -an" on the client to check for yourself.
A: No. The only requirement is a Man-in-the-Middle situation that can be obtained with APR.
A: Because this feature has not been implemented yet. However, don't consider yourself "secure" just because you are using compression.
A: Because that server certificate is not the real one signed by a Trusted Root Certification Authority. It has been generated, self-signed and injected by Cain into the client's browser.
A: They contain exactly the same information as the real ones except for the asymmetric encryption keys.
A: No, Cain's HTTPS sniffer works in FULL-DUPLEX CLIENT-SIDE STEALTH mode. Both server and client traffic is decrypted, and if spoofing is enabled the sniffer's IP and MAC addresses are never exposed to the victim. Try a "netstat -an" on the client to check for yourself.
A: No. The only requirement is a Man-in-the-Middle condition that can be achieved with APR.
A: The sniffer does not support the codec used in that RTP session.