Hi every1,
I had a hard time getting ettercap to do any sort of sniffing and firgured i would document what i did so far for myself and as well for others who might find it usueful.
I have only tested this on my home network and i advice against trying it on networks that you don not own as it is highly ILLEGAL and you could bla bla bla ....,.
ettercap at sourceforgeFirst to install etterrcap (GUI);
apt-get install ettercapThen enable ip forwarding by issuing:
echo 1 > /proc/sys/net/ipv4/ip_forward in a terminal
To launch it, in a terminal type ettercap -G (u can also use '-C' for ncurses or '-T' for text mode instead of '-G' which is gtk GUI)
Choose sniff from the top menu and select unified sniffing , then choose the network card u want to use for sniffing
At this point, for some reason, ettercap disables the ip forwarding in our debian ( u can check! ) and therefore before doing anything else issue the following command again :
echo 1 > /proc/sys/net/ipv4/ip_forwardNow , click on hosts on the top menu and choose scan for hosts (or just press Ctrl-S )
After ur host file is loaded (and u check it) , you can proceed to click on Mitm on top menu and choosing arp poisoning. On the arp poisining window , make sure u have 'sniff remote connections' only checked .
Then start sniffing ! Be careful, the zaurus will have to route traffic through its limited components so if there are many users, you can easily crash the network !
Problems:
I have enabled ssl redirection in /etc/etter.conf file but i still cannot sniff ssl-secured sites and the victim computers do not show the fake certificate required for it to work.
I think it had to do with a missing module but i will update as soon as i know more
I also get a "Disscector 'dns' no supported (etter.conf line 70) error , no idea why :-)
I get the can't initialize iptables tabl 'nat' error which i also see on my laptop and thus should not be a problem
