I had a hard time getting ettercap to do any sort of sniffing and firgured i would document what i did so far for myself and as well for others who might find it usueful.
I have only tested this on my home network and i advice against trying it on networks that you don not own as it is highly ILLEGAL and you could bla bla bla ....,.
ettercap at sourceforge
First to install etterrcap (GUI); apt-get install ettercap
Then enable ip forwarding by issuing: echo 1 > /proc/sys/net/ipv4/ip_forward in a terminal
To launch it, in a terminal type ettercap -G (u can also use '-C' for ncurses or '-T' for text mode instead of '-G' which is gtk GUI)
Choose sniff from the top menu and select unified sniffing , then choose the network card u want to use for sniffing
At this point, for some reason, ettercap disables the ip forwarding in our debian ( u can check! ) and therefore before doing anything else issue the following command again :
echo 1 > /proc/sys/net/ipv4/ip_forward
Now , click on hosts on the top menu and choose scan for hosts (or just press Ctrl-S )
After ur host file is loaded (and u check it) , you can proceed to click on Mitm on top menu and choosing arp poisoning. On the arp poisining window , make sure u have 'sniff remote connections' only checked .
Then start sniffing ! Be careful, the zaurus will have to route traffic through its limited components so if there are many users, you can easily crash the network !
I have enabled ssl redirection in /etc/etter.conf file but i still cannot sniff ssl-secured sites and the victim computers do not show the fake certificate required for it to work.
I think it had to do with a missing module but i will update as soon as i know more
I also get a "Disscector 'dns' no supported (etter.conf line 70) error , no idea why :-)
I get the can't initialize iptables tabl 'nat' error which i also see on my laptop and thus should not be a problem