Errata Guide to Ettercap GUI: Through Trial, Error & Experience
	
	
Author: Rishabh Dangwal
	
	
		
Ettercap is one of the best sniffing tools available today, but when it comes to using it on non-security distros on which it is not pre-configured, like Fedora, you might land into some problems like me. It all started on a sunny day when I actually thought to try it on Fedora Linux.
	
	
		
		
PS: I won't be covering ncurses as it's quite easy & offers little to no hassle in operation; strangely, it gave me no errors in operation.
	
	
Anyways.. I installed ettercap by typing -
	
	
    [root@zion xero]#su
    Password:
    [root@zion xero]# yum install ettercap
    or
    [root@zion xero]# yum install ettercap-gui
	
	
(I actually had problems with this one..)

Yum resolved dependencies & installed it. I ran it on my local LAN, assuming it would run on the default configuration.
	
	
    [root@zion xero]# ettercap -T -Q -M ARP //192.168.1.3

It successfully captured all the packets & I was able to get details about the capture. The real problems started when I started to run it in GUI mode.

    [root@zion xero]# ettercap -G
	
	
On launch, the GTK GUI popped up & prompted me for the stuff. I quickly pressed Shift + U to choose the network interface (in this case my local LAN hooked up to my roommates' laptops), & chose 'eth0', the default Ethernet interface. I went ahead by scanning for hosts by pressing "Ctrl + S" & bam.. it crashed.
	
	
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    Ooops ! This shouldn't happen...
    Segmentation Fault...
    Please recompile in debug mode, reproduce the bug and send a bugreport
	
	
Okay.. I got it.. it might be crashing because it has not been updated in a long time. Ah well, I compromised by scanning partially for hosts & then running it. Again, I chose the host, added it to my target, MITM, & started ARP poisoning (using the menu) & then started unified sniffing.

I got nothing.

Realizing it was not BackTrack, I sensibly closed it (re-ARPing the network.. not by deliberately closing it like Windows users do by abusing the [X] button) & opened etter.conf
	
	
    [root@zion xero]# vi /etc/etter.conf
	
	
& uncommented the iptables option to look like this
	
	
    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
	
	
Saved it, ran it again.

Again, the same drill: partial host scanning, target selection, MITM, ARPing, sniffing.

Bang, I got nothing.. again.

I looked at the console output & found -
	
	
    [root@zion xero]#
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    iptables v1.3.3: can't initialize iptables table `nat': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
	
	
Wow.. I am running the program as root, edited the read-only file as root & all I got was to upgrade my kernel? Bullshit! Anyways.. back to etter.conf, this time I changed the privileges to 0
	
	
    [privs]
    ec_uid = 0 # nobody is the default
    ec_gid = 0 # nobody is the default
	
	
The program ran & the error went away :)

But still.. I was unable to capture anything in GUI mode; guess the more user-friendly you make it, the more hassles you add with it... sheesh. I was into new stuff: after like 10 minutes of waiting I got this -
	
	
    SEND L3 ERROR: 44 byte packet (0800:06) destined to 192.168.xxx.xxx was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
	
	
Great... now this was what I was talking about. Now this really got me moving. It's not like every day when you can target a network in CUI using one command of a program, but using a GUI has a lot of strings attached.

Now I did everything very carefully, although I was still not able to figure out the real reason for the "Segmentation Fault" problem, but I guess everything works fine if you do it like this -

Configure etter.conf like I stated above: set uid to 0 & uncomment the iptables section.

Run ettercap using kdesu; yep, ran it with elevated privileges in the KDE environment to avoid the "can't initialize iptables" error.
	
	
    [root@zion xero]# kdesu ettercap -G
	
	
Give your password, & choose the network interface (Shift + U).

Once done, please be patient, open a new terminal window, change to root & type this command (forwards packets, avoids error :P) -
	
	
    [root@zion xero]# echo "1" > /proc/sys/net/ipv4/ip_forward
	
	
It will avoid the "SEND L3 ERROR".
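
The settings this guide ends up changing (ec_uid in [privs], the redir_command_on line, and ip_forward) can be read back with a short read-only script. This is an added example, not part of the original article; the function names and the sample file are constructed, and the [dissectors] header in the sample is only there to close the [privs] section. With ec_uid = 0 ettercap keeps root for the whole session, and ip_forward set to 1 makes the kernel forward packets, so both are worth setting back after testing.

```shell
#!/bin/sh
# Added example: read back the settings this guide changes. Read-only.
# Function names and the sample file are constructed for illustration.

# Print the value of a key from the [privs] section of an etter.conf-style file.
privs_value() {  # $1 = file, $2 = key
    awk -v key="$2" '
        /^[ \t]*\[/ { in_privs = ($0 ~ /\[privs\]/); next }
        in_privs {
            line = $0; sub(/#.*/, "", line)   # drop trailing comment
            n = split(line, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (n == 2 && kv[1] == key) { print kv[2]; exit }
        }' "$1"
}

# Succeed only if a redir_command_on line exists that is not commented out.
redir_active() {  # $1 = file
    grep -Eq '^[[:space:]]*redir_command_on[[:space:]]*=' "$1"
}

# One line per setting; $2 replaces the live ip_forward file for offline runs.
audit() {  # $1 = etter.conf path, $2 = ip_forward file (optional)
    uid=$(privs_value "$1" ec_uid)
    if [ "$uid" = "0" ]; then
        echo "privs: ec_uid=0 (ettercap keeps root for the whole session)"
    else
        echo "privs: ec_uid=${uid:-unset} (not root)"
    fi
    if redir_active "$1"; then
        echo "redir: redir_command_on is active"
    else
        echo "redir: redir_command_on is commented out"
    fi
    echo "ip_forward: $(cat "${2:-/proc/sys/net/ipv4/ip_forward}")"
}

# Constructed sample mirroring the edited etter.conf shown in this guide.
tmp=$(mktemp -d)
cat > "$tmp/etter.conf" <<'EOF'
[privs]
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default
[dissectors]
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
EOF
echo 1 > "$tmp/ip_forward"
audit "$tmp/etter.conf" "$tmp/ip_forward"
rm -rf "$tmp"
```

Against the real file, call it as audit /etc/etter.conf; without a second argument it reads the live /proc/sys/net/ipv4/ip_forward.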
	
	
	
	
Once done, do your drill & you will be "finally" able to capture data using the GUI. For the rest of the elites out there, I guess
	
	
    [root@zion xero]# ettercap -T -Q -M arp:remote -i eth0 /192.168.1.3/ //
	
	
Seems to work :) Man... what a trip... I would choose Wireshark over it any day...
	
	
If you have ever got into problems while trying to run Ettercap on your Linux box then this guide will help you to get rid of some of those nasty errors and give you smooth sailing.
	
	
		 