I'm having some troubles with ettercap.
I'm running BT2 inside VMware server 1.05, and was able to get ettercap up and running with a bit of mucking about. Any websites that used SSL popped up with a confirm box, and if you hit yes it captured the password. In fact it seemed to be working a little too well where everyone in the host list (only one computer was added to the right column target list) was getting popups for certificates, even though the target computer was the only one being recorded. Once I removed everyone from the host list but the target computer it all seemed to work fine. I had a nice little list of certificates being collected.
Today though upon booting up I canít get it to work for the life of me. Every time I turn on ARP poisoning my internet slows to a crawl. If I then go to a site that has an SSL certificate, my internet drops out. I have to shut down ettercap and disconnect and reconnect the target machine to the network. One the one occasion I was able to capture a certificate, it had an X next to it in the profiles tab, but no IP address.
Now, some details:
1) Wireshark still works fine in promiscuous mode
2) Iíve edited the comments out in the etter.conf file
3) Thinking that it was having troubles sending files back to the router, I added the virtual machine IP to the DHCP list on the router.
4) I am currently using my host machine (the one running the virtual server) as the target machine as xxx.xxx.xxx.111, and the virtual server as the attacker as 112. Could this be causing problems trying to ARP attack myself from the same machine? It seemed to be working fine yesterday.
So Iím out of ideas. Why would turning on ARP poisoning kill my whole internet? Why wouldnít it be recording certificates anymore? What could have changed since yesterday?