Jump to content
me.mello

Errata Guide to Ettercap GUI : Through Trial, Error & Experience

Recommended Posts

Author: Dangwal

Introduction

Ettercap is one of the best sniffing tools available today, but when it comes to using it on non-security-distro's on which it is not pre-configured to use with like Fedora, you might land into some problems like me. It all started on a sunny day when I actually thought to try it on Fedora Linux.

ettercap_1.jpg

PS : I won't be covering ncurses as its quite easy & offers little to no hassles in operations, gave me no errors in operation strangely.

Installation of Ettercap

Anyways..I installed ettercap it by typing -


[root@zion xero]#su
Password:
[root@zion xero]# yum install ettercap
or
[root@zion xero]# yum install ettercap-gui

( I actually had problems with this one..)

Yum resolved dependencies & installed it, I ran it on my local lan network assuming to run it on default configuration.


[root@zion xero]# ettercap -T -Q -M ARP //192.168.1.3
It successfully captured all the packets & I was able to get details about capturing. The real problems started when I started to run it on GUI mode.
[root@zion xero]# ettercap -G

ettercap_2.jpg

Playing Cat & Mouse with Ettercap

On lauch, the gtk gui popped up & prompted me to the stuff. I quickly pressed shift + U to choose network interface ( in this case my local lan network hooked up to my roommates laptops ), & chose 'eth0' the default Ethernet interface. I went ahead by scanning for hosts by pressing "ctrl + s" & bam..it crashed.


ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Ooops ! This shouldn't happen...
Segmentation Fault...
Please recompile in debug mode, reproduce the bug and send a bugreport

ettercap_3.jpg

okay..I got it..it might need to be crashing cause it has not been updated since a long time. Ah well, I compromised it by scanning partially for hosts & then running it. Again, I chose the host, added it to my target,mitm & started ARP poisoning (using the menu) & then started with unified sniffing.

I got nothing.

Realizing it was not backtrack, I sensibly closed it ( rearping the network..not by deliberately closing it like windows users do by abusing the [X] button) & opened etter.conf

[root@zion xero]# vi /etc/etter.conf

& uncommented the iptables option to look like this


# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

saved it, ran it again.

Again, the same drill, partial hosts scanning,target selection,mitm,arping,sniffing.

bang, I got nothing..again.

I looked at the console output & found -


[root@zion xero]#
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
iptables v1.3.3: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

wow..I am running the program as root , edited the read only file as root & all i got was to upgrade my kernel ? bullshit! Anyways..back to etter.conf , this time I changed the privileges to 0


[privs]
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default

The program ran & the error went away :)

but still..i was unable to capture anything in the GUI mode, guess the more user friendly you make it, the more hassles you add with it...sheesh. I was into new stuff like after 10 minutes of waiting I got this -


SEND L3 ERROR: 44 byte packet (0800:06) destined to 192.168.xxx.xxx was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

Great...now this was what I was talking about. Now this really got me moving. Its not like every day when you can target a network in CUI using one command of a program but using a GUI has a lot of strings attached.

Now I did everything very carefully, although I was still not able to figure out the real reason of "Segmentation Fault problem" , but I guess everything works fine if you do it like this ?

Configure etter.conf like I stated above, set uid to 0 & uncomment iptables section.

run ettercap using kdesu, yep ran it with elevated privileges in kde environment to avoid "cant initialize iptables error".

[root@zion xero]# kdesu ettercap -G

give your password , & choose network interface (shift + U).

Once done, please be patient, open a new terminal window, change to root & type this command (forwards packets, avoids error :P ) -

[root@zion xero]# echo "1" > /proc/sys/net/ipv4/ip_forward

ettercap_4.jpg

it will avoid the "SEND L3 ERROR" .

Finally Cat gets Mouse !

Once done, do your drill & you will be "finally" able to capture data using GUI. For the rest of elites out there, I guess

[root@zion xero]# ettercap -T -Q -M arp:remote -i eth0 /192.168.1.3/ //

ettercap_5.jpg

Seems to work :) man...What a trip... I would choose wireshark over it any day...

Conclusion

If you have ever got into problems while trying to run Ettercap on your Linux box then this guide will help you to get rid of some of those nasty errors and let you smooth sailing.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...