Clarification needed on ettercap command line usage

Hi,

Consider the following two ways of running an instance of ettercap to arpspoof.

1.

Code:

---

ettercap -Tqo -i wlan0 -M arp:remote -P repoison_arp /G1/ G2/

---

2.

Code:

---

ettercap -Tq -i wlan0 -M arp:remote -P repoison_arp /G1/ G2/

---

In resources across google you find (1.) quite a bit. But I want to know if that is indeed a correct command line even though it does not return an error.

With (1.) there IS NO visual feedback that the repoison_arp plugin has started. I think the specification of the option "o" blocks it from starting?

With (2.) There IS visual feedback that the repoison_arp plugin has started.

My question is in the case of (1.) is it that the repoison_arp plugin simply starts silently and there is no feedback or is it the case that the use of it with the "o" option, invalidates it.

Thanks.

So you can ignore "-Tq" that's Text Only GUI and quiet mode. (For this discussion)

-M - Tells it to do a MITM attack.
-o - Tell it to only to the MITM attack and not sniff.
-P - Allows you to specify a plugin.

I'm guessing that by telling ettercap to do only a MITM attack (-o -M) the repoison_arp plugin is never run.

ettercap --help:

Quote:

---

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA


Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]

TARGET is in the format MAC/IPs/PORTs (see the man for further detail)

Sniffing and Attack options:
-M, --mitm <METHOD:ARGS> perform a mitm attack
-o, --only-mitm don't sniff, only perform the mitm attack
-B, --bridge <IFACE> use bridged sniff (needs 2 ifaces)
-p, --nopromisc do not put the iface in promisc mode
-u, --unoffensive do not forward packets
-r, --read <file> read data from pcapfile <file>
-f, --pcapfilter <string> set the pcap filter <string>
-R, --reversed use reversed TARGET matching
-t, --proto <proto> sniff only this proto (default is all)

User Interface Type:
-T, --text use text only GUI
-q, --quiet do not display packet contents
-s, --script <CMD> issue these commands to the GUI
-C, --curses use curses GUI
-G, --gtk use GTK+ GUI
-D, --daemon daemonize ettercap (no GUI)

Logging options:
-w, --write <file> write sniffed data to pcapfile <file>
-L, --log <logfile> log all the traffic to this <logfile>
-l, --log-info <logfile> log only passive infos to this <logfile>
-m, --log-msg <logfile> log all the messages to this <logfile>
-c, --compress use gzip compression on log files

Visualization options:
-d, --dns resolves ip addresses into hostnames
-V, --visual <format> set the visualization format
-e, --regex <regex> visualize only packets matching this regex
-E, --ext-headers print extended header for every pck
-Q, --superquiet do not display user and password

General options:
-i, --iface <iface> use this network interface
-I, --iflist show all the network interfaces
-n, --netmask <netmask> force this <netmask> on iface
-P, --plugin <plugin> launch this <plugin>
-F, --filter <file> load the filter <file> (content filter)
-z, --silent do not perform the initial ARP scan
-j, --load-hosts <file> load the hosts list from <file>
-k, --save-hosts <file> save the hosts list to <file>
-W, --wep-key <wkey> use this wep key to decrypt wifi packets
-a, --config <config> use the alterative config file <config>

Standard options:
-U, --update updates the databases from ettercap website
-v, --version prints the version and exit
-h, --help this help screen

---