SecurityXploded.com
Errata Guide to Ettercap GUI : Through Trial, Error & Experience | www.SecurityXploded.com
 
 
Errata Guide to Ettercap GUI : Through Trial, Error & Experience
Author: Rishabh Dangwal 
 
 
 
See Also
 
 
 
Contents
 
 
Introduction
Ettercap is one of the best sniffing tools available today, but when it comes to using it on non-security-distro's on which it is not pre-configured to use with like Fedora, you might land into some problems like me. It all started on a sunny day when I actually thought to try it on Fedora Linux.
 
PS : I won't be covering ncurses as its quite easy & offers little to no hassles in operations, gave me no errors in operation strangely.
 
 
 
Installation of Ettercap
 
Anyways..I installed ettercap it by typing -
 
[root@zion xero]#su
Password:
[root@zion xero]# yum install ettercap
or
[root@zion xero]# yum install ettercap-gui
 
( I actually had problems with this one..)

Yum resolved dependencies & installed it, I ran it on my local lan network assuming to run it on default configuration.
 
[root@zion xero]# ettercap -T -Q -M ARP //192.168.1.3
It successfully captured all the packets & I was able to get details about capturing. The real problems started when I started to run it on GUI mode.
[root@zion xero]# ettercap -G
 
ettercap screen
 
 
 
Playing Cat & Mouse with Ettercap
 
On lauch, the gtk gui popped up & prompted me to the stuff. I quickly pressed shift + U to choose network interface ( in this case my local lan network hooked up to my roommates laptops ), & chose 'eth0' the default Ethernet interface. I went ahead by scanning for hosts by pressing "ctrl + s" & bam..it crashed.
 
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Ooops ! This shouldn't happen...
Segmentation Fault...
Please recompile in debug mode, reproduce the bug and send a bugreport
 
ettercap error screen
 
okay..I got it..it might need to be crashing cause it has not been updated since a long time. Ah well, I compromised it by scanning partially for hosts & then running it. Again, I chose the host, added it to my target,mitm & started ARP poisoning (using the menu) & then started with unified sniffing.
I got nothing.

Realizing it was not backtrack, I sensibly closed it ( rearping the network..not by deliberately closing it like windows users do by abusing the [X] button) & opened etter.conf
 
[root@zion xero]# vi /etc/etter.conf
 
& uncommented the iptables option to look like this
 
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
 
saved it, ran it again.

Again, the same drill, partial hosts scanning,target selection,mitm,arping,sniffing.
bang, I got nothing..again.

I looked at the console output & found -
 
[root@zion xero]#
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
iptables v1.3.3: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
 
wow..I am running the program as root , edited the read only file as root & all i got was to upgrade my kernel ? bullshit! Anyways..back to etter.conf , this time I changed the privileges to 0
 
[privs]
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default
 
The program ran & the error went away :)

but still..i was unable to capture anything in the GUI mode, guess the more user friendly you make it, the more hassles you add with it...sheesh. I was into new stuff like after 10 minutes of waiting I got this -
 
SEND L3 ERROR: 44 byte packet (0800:06) destined to 192.168.xxx.xxx was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
 
Great...now this was what I was talking about. Now this really got me moving. Its not like every day when you can target a network in CUI using one command of a program but using a GUI has a lot of strings attached.

Now I did everything very carefully, although I was still not able to figure out the real reason of "Segmentation Fault problem" , but I guess everything works fine if you do it like this

Configure etter.conf like I stated above, set uid to 0 & uncomment iptables section.

run ettercap using kdesu, yep ran it with elevated privileges in kde environment to avoid "cant initialize iptables error".
 
[root@zion xero]# kdesu ettercap -G
 
give your password , & choose network interface (shift + U).
Once done, please be patient, open a new terminal window, change to root & type this command (forwards packets, avoids error :P ) -
 
[root@zion xero]# echo "1" > /proc/sys/net/ipv4/ip_forward
 
ettercap screen
 
it will avoid the "SEND L3 ERROR" .
 
 
 
Finally Cat gets Mouse !
 
Once done, do your drill & you will be "finally" able to capture data using GUI. For the rest of elites out there, I guess
 
[root@zion xero]# ettercap -T -Q -M arp:remote -i eth0 /192.168.1.3/ //
 
ettercap final screen
 
 
Seems to work :) man...What a trip... I would choose wireshark over it any day...
 
 
 
Conclusion
 
If you have ever got into problems while trying to run Ettercap on your Linux box then this guide will help you to get rid of some of those nasty errors and let you smooth sailing.
 
 
 
See Also