ARP poisoning not working #914
Comments
Hi @fhred The second warning lets me assume you're located in a dual-stack environment running IPv6 with IPv4 in parallel. The warning itself is just an experience from the past. So you'd set this to 0:
Since ARP acts between IP and Ethernet, poisoning an ARP cache relies on IP information given that it should poison. Since you're apparently in an environment where IPv6 is also active, you'd consider doing ND poisoning similarly, because ARP is limited to IPv4 only. And also the ip6tables commands to redirect IPv6 SSL traffic accordingly.
Hi @koeppea Thanks for your help. After doing these steps it worked.
The IPv6 part was not needed, the network only supports IPv4, so explicitly giving ettercap the IPv4 addresses was enough.
While running
where can I look up what these letters at the end stand for? Stuff like:
The verbose output (can be toggled by hitting ) shows the relevant TCP related information. The letters stand for the various flags like S for SYN, A for ACK and F for FIN. Reg. dissecting the packet capture file, it's heavily dependent on the network analysis software. E.g. Wireshark shows pure Bytes In Flight segments as TCP. Only if a set of segments compose a complete TLS message, Wireshark shows these finalizing packets as a TLS packet. However, you don't see the decrypted packets' content though. Ettercap currently dumps only the raw packet arriving. This isn't yet supported by Ettercap. You can only inspect the content by detailing the connection in the connections list. For that, the use of the graphical interface is recommended. Closing the issue since the actual issue is fixed.
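Added example (not part of the thread and not Ettercap or Wireshark code): a simplified model of the display behaviour described in the comment above, where a capture row is labelled TLS only when its segment completes a TLS record and plain TCP otherwise. It assumes in-order payloads from one direction of a single connection with no loss; `label_segments`, `record` and the sample bytes are constructed for illustration.

```python
import struct

# TLS record content types (first byte of the 5-byte record header).
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "ApplicationData"}

def label_segments(segments):
    """Return one label per TCP payload: 'TCP' or 'TLS: <record types>'."""
    buf = b""
    labels = []
    for payload in segments:
        buf += payload
        completed = []
        # A record is complete once its 5 header bytes plus `length`
        # body bytes have arrived; the body itself stays opaque here.
        while len(buf) >= 5:
            ctype, _version, length = struct.unpack("!BHH", buf[:5])
            if len(buf) < 5 + length:
                break  # record continues in a later segment
            completed.append(CONTENT_TYPES.get(ctype, f"type {ctype}"))
            buf = buf[5 + length:]
        labels.append("TLS: " + ", ".join(completed) if completed else "TCP")
    return labels

def record(ctype, body):
    """Build a constructed TLS record (version field 0x0303) around `body`."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

# Constructed sample: a 45-byte handshake record followed by a 105-byte
# application-data record, cut into four TCP payloads at arbitrary offsets.
STREAM = record(22, b"\x00" * 40) + record(23, b"\xaa" * 100)
SEGMENTS = [STREAM[:30], STREAM[30:60], STREAM[60:120], STREAM[120:]]

if __name__ == "__main__":
    for number, label in enumerate(label_segments(SEGMENTS), start=1):
        print(f"segment {number}: {label}")
```
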
ettercap version: 0.8.2
Ubuntu version: 18.04
setup:
network hub on which the following devices are connected:
Using Wireshark I can sniff all packages via my Ethernet port (enxa0cec8066e9e), everything works as expected.
Now I am trying to MitM the TLS connection of the Philips Hue Hub and the Smartphone. To do so I manually installed a certificate in the Hue App running on the Smartphone -- originally there was the Hue Hub certificate installed.
So everything that is left to do is run ettercap as a MitM with my new certificate and capture the traffic in a .pcap file. Here is what I've tried (linebreaks just for readability):
I get the warning:
and the error:
I really appreciate any help on why this doesn't work and what the warning means.