I am trying to understand the "remote option"
-M arp : oneway (ok this poisions from one group to the other in one direction)
-M arp (ok this poisions from one group to the other bi-directionally)
What is this remote option
what does -M arp:remote do that -M arp does not do.
From the manual...
Can anyone tell me what the above is really saying? Makes no sense to me.Code:The parameter "remote" is optional and you have to specify it if you want to sniff remote ip address poisoning a gateway. Indeed if you specify a victim and the gw in the TARGETS, ettercap will sniff only connection between them, but to enable ettercap to sniff connections that pass thru the gw, you have to use this parameter.
Thank you, I will do that.
After, though, pondering on it for a bit more I think this could be an interpretation.
A DNS request to the gateway by a client on the network is sniffable by ettercap with out the remote option. Or for instance a request to the gateway for it's web gui. That would be a connection between the client and the gateway (or even between two clients on the LAN).
But now if the client browses google.com. Thats a connection between the client and the google server. A connection that traverses the gateway. This is probably what they mean in the final part when they say "enable ettercap to sniff connections that pass thru the gw".
So I would conclude that ettercap by default will ignore all traffic destined beyond the gateway (i.e all traffic that is addressed to routable/public IPs). BUT if you want to capture this traffic you can specify the remote option, it will capture traffic addressed for IPs outside the non-routable/private IP range.