Some problems with ettercap and MITM
Hi,
First I want to introduce myself a bit:
My nickname is h3d0x (as you can see) and I'm from Germany. Actually I'm a software engineer (C++, Web [PHP + MySQL + JS + HTML etc.] and assembler) but I'm also interested in security-related themes.
So I am trying to do a MITM attack and so far everything is working correctly, which means: the ARP tables are "patched" successfully (on the router and on the iPod Touch (<- my testing device))
Network setup:
00:25:fe:68:0f:aa = 192.168.178.1 = Router
00:27:BB:C2:0C:00 = 192.168.178.26 = iPod
00:23:D2:41:46:A9 = 192.168.178.24 = BT4-Computer
The ARP-Tables:
Router [before]:
# cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.178.26   0x1         0x2         00:27:BB:C2:0C:00     *        lan
192.168.178.24   0x1         0x2         00:23:D2:41:46:A9     *        lan
Router [after]:
# cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.178.26   0x1         0x2         00:23:D2:41:46:A9     *        lan
192.168.178.24   0x1         0x2         00:23:D2:41:46:A9     *        lan
iPod [before]
# arp -n -a
? (192.168.178.1) at 0:25:fe:68:0f:aa on en0 [ethernet]
? (192.168.178.24) at 0:23:d2:41:46:a9 on en0 [ethernet]
iPod [after]
# arp -n -a
? (192.168.178.1) at 0:23:d2:41:46:a9 on en0 [ethernet]
? (192.168.178.24) at 0:23:d2:41:46:a9 on en0 [ethernet]
So far so good, but:
I can neither load any webpage on the iPod nor ping the iPod from the router (ping 192.168.178.26)
What's wrong?
Hope someone can help me
btw: sorry for my (probably) bad English
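An added example, not part of the original post: a defensive check over the ARP tables shown above, flagging a MAC that answers for several IPs and any IP whose MAC differs from a baseline. The function names are hypothetical; the sample tables are copied from the post.

```python
import re
from collections import defaultdict

# Tables copied from the post above (router: /proc/net/arp, iPod: arp -n -a).
ROUTER_BEFORE = """\
IP address HW type Flags HW address Mask Device
192.168.178.26 0x1 0x2 00:27:BB:C2:0C:00 * lan
192.168.178.24 0x1 0x2 00:23:D2:41:46:A9 * lan
"""
ROUTER_AFTER = """\
IP address HW type Flags HW address Mask Device
192.168.178.26 0x1 0x2 00:23:D2:41:46:A9 * lan
192.168.178.24 0x1 0x2 00:23:D2:41:46:A9 * lan
"""
IPOD_AFTER = """\
? (192.168.178.1) at 0:23:d2:41:46:a9 on en0 [ethernet]
? (192.168.178.24) at 0:23:d2:41:46:a9 on en0 [ethernet]
"""

IP_RE = re.compile(r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})\b")

def normalize_mac(mac):
    """Lower-case and zero-pad each octet (BSD arp prints 0:23:..., not 00:23:...)."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp(text):
    """Return {ip: mac} from Linux /proc/net/arp or BSD 'arp -a' style output."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # header and incomplete entries have no IP/MAC pair
            table[ip.group(1)] = normalize_mac(mac.group(1))
    return table

def shared_macs(table):
    """MACs bound to more than one IP (also seen with proxy ARP; confirm before alerting)."""
    by_mac = defaultdict(set)
    for ip, mac in table.items():
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC changed: {ip: (old_mac, new_mac)}."""
    return {ip: (before[ip], after[ip]) for ip in before.keys() & after.keys() if before[ip] != after[ip]}

if __name__ == "__main__":
    print(shared_macs(parse_arp(IPOD_AFTER)))
    print(changed_bindings(parse_arp(ROUTER_BEFORE), parse_arp(ROUTER_AFTER)))
```
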
Re: Some problems with ettercap and MITM
Have you uncommented the iptables in the etter.conf file?
Re: Some problems with ettercap and MITM
If you have uncommented the rules in etter.conf also try to check if you have any firewall on or something that might block the traffic :)
Re: Some problems with ettercap and MITM
Don't forget to set up packet forwarding, otherwise MITM will work but packets will not be forwarded to their destinations
AW: Some problems with ettercap and MITM
Yes, I uncommented the iptables rules in the etter.conf file (located at /etc right? or is there any other conf file?) and I enabled packet forwarding ( echo 1 > /proc/sys/net/ipv4/ip_forward )
The strange thing is, I can see some DNS requests (on port 53) in the "connections-window". These are forwarded correctly to the router but no other connections are shown there (like http on port 80 or any other)
Re: AW: Some problems with ettercap and MITM
Quote, originally posted by h3d0x:
located at /etc right?
Yes, that's the file. How are you running BackTrack? Did you run the iptables command?
Re: AW: Some problems with ettercap and MITM
Are you following a specific tutorial? What kind of MITM are you using from ettercap and what are you trying to achieve with this MITM?
AW: Some problems with ettercap and MITM
No, I'm not following a specific tutorial or how-to
I simply want to redirect the traffic through ettercap ;)
Next I want to edit packets etc .. but at the moment "sniffing" isn't working at all -.-
Re: Some problems with ettercap and MITM
Could you describe what you are doing? Commands launched, options used, etc...