Errata guide to Ettercap GUI - through trial, error & experience.

Ettercap is one of the best sniffing tools available to day, but when it comes to using it on non-security-distro's on Noobs guide to Ettercap GUI - through trial, error & experience. - theprohack.com which it is not pre-configured to use with like Fedora , you might land into some problems like me. It all started on a sunny day when I actually thought to try it on Fedora Linux.

PS : I wont be covering ncurses as its quite easy & offers little to no hassles in operations, gave me no errors in operation strangely.

Anyways..I installed ettercap it by typing -

[root@zion xero]#su
Password:
[root@zion xero]# yum install ettercap

or

[root@zion xero]# yum install ettercap-gui

( I actually had problems with this one..)

Yum resolved dependencies & installed it, I ran it on my local lan network assuming to run it on default configuration.

[root@zion xero]# ettercap -T -Q -M ARP //192.168.1.3

It successfully captured all the packets & I was able to get details about capturing.   The real problems started when I started to run it on GUI mode.

[root@zion xero]# ettercap –G

Ettercap - looks promising - theprohack.com

well, the gtk gui popped up & prompted me to the stuff. I quickly pressed shift + U to choose network interface ( in this case my local lan network hooked up to my roommates laptops ), & chose 'eth0' the default Ethernet interface. I went ahead by scanning for hosts by pressing "ctrl + s" & bam..it crashed.

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Ooops ! This shouldn't happen...

Segmentation Fault...

Please recompile in debug mode, reproduce the bug and send a bugreport

Bam..segmentation fault - theprohack.com

okay..I got it..it might need to be crashing cause it has not been updated since a long time. Ah well, I compromised it by scanning partially for hosts & then running it. Again, I chose the host, added it to my target,mitm & started ARP poisoning (using the menu) & then started with unified sniffing.

I got nothing.

Realizing it was not backtrack, I sensibly closed it ( rearping the network..not by deliberately closing it like windows users do by abusing the [X] button) & opened etter.conf

[root@zion xero]# vi /etc/etter.conf

& uncommented the iptables option to look like this

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

saved it, ran it again.

Again, the same drill, partial hosts scanning,target selection,mitm,arping,sniffing.

bang, I got nothing..again.
I looked at the console output & found -

[root@zion xero]#
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

iptables v1.3.3: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

wow..I am running the program as root , edited the read only file as root & all i got was to upgrade my kernel ? bullshit! Anyways..back to etter.conf , this time I changed the privileges to 0

[privs]
ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default

The program ran & the error went away :)

but still..i was unable to capture anything in the GUI mode, guess the more user friendly you make it, the more hassles you add with it...sheesh. I was into new stuff like after 10 minutes of waiting I got this -

SEND L3 ERROR: 44 byte packet (0800:06) destined to 192.168.xxx.xxx was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

great...now this was what I was talking about. Now this really got me moving. Its not like everyday when you can target a network in CUI using one command of a program but using a GUI has a lot of strings attached.

Now I did everything very carefully, although I was still not able to figure out the real reason of "Segmentation Fault problem" , but I guess everything works fine if you do it like this -

Configure etter.conf like I stated above, set uid to 0 & uncomment iptables section.

run ettercap using kdesu, yep ran it with elevated privileges in kde environment to avoid "cant initialize iptables error".

[root@zion xero]# kdesu ettercap -G

give your password , & choose network interface (shift + U).

Once done, please be patient, open a new terminal window, change to root & type this command (forwards packets, avoids error :P ) -

[root@zion xero]# echo "1" > /proc/sys/net/ipv4/ip_forward

ettercap now works - theprohack.com

it will avoid the "SEND L3 ERROR" . Once done, do your drill & you will be "finally" able to capture data using GUI. For the rest of elites out there, I guess

[root@zion xero]# ettercap -T -Q -M arp:remote -i eth0 /192.168.1.3/ //

final

seems to work :) man..what a trip.. I would choose wireshark over it anyday..

Happy new year once again..

Untitled-2

 

Like This post ?  You can buy me a Beer :)

Posted by XERO. ALL RIGHTS RESERVED.

1 comment:

  1. SEND L3 ERROR: 48 byte packet (0800:06) destined to 120.89.96.9 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

    ReplyDelete

Need to say something ? Spell it out :)