
Thread: Ettercap -M arp[:remote, oneway] option

  1. #1

    Hi all

    I am trying to understand the "remote option"

    -M arp : oneway (ok this poisons from one group to the other in one direction)

    -M arp (ok this poisons from one group to the other bi-directionally)

    but ...

    What is this remote option?

    What does -M arp:remote do that -M arp does not do?

    From the manual...
    Code:
    The parameter "remote" is optional and you have to specify it if you want to sniff remote ip address poisoning a gateway. Indeed if you specify a victim and the gw in the TARGETS, ettercap will sniff only connection between them, but to enable ettercap to sniff connections that pass thru the gw, you have to use this parameter.
    Can anyone tell me what the above is really saying? Makes no sense to me.

    Thanks.

  2. #2
    Snayler

    Originally posted by moobius:
        Can anyone tell me what the above is really saying? Makes no sense to me.

    Many ideas come to mind, but I can't answer for sure. Either way, you should get better answers from ettercap forums.

  3. #3

    Thank you, I will do that.

    After, though, pondering on it for a bit more I think this could be an interpretation.

    A DNS request to the gateway by a client on the network is sniffable by ettercap without the remote option. Or, for instance, a request to the gateway for its web GUI. That would be a connection between the client and the gateway (or even between two clients on the LAN).

    But now if the client browses google.com, that's a connection between the client and the google server. A connection that traverses the gateway. This is probably what they mean in the final part when they say "enable ettercap to sniff connections that pass thru the gw".

    So I would conclude that ettercap by default will ignore all traffic destined beyond the gateway (i.e. all traffic that is addressed to routable/public IPs). BUT if you want to capture this traffic you can specify the remote option, and it will capture traffic addressed to IPs outside the non-routable/private IP range.
