Results 1 to 2 of 2

Thread: Clarification needed on ettercap command line usage

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    9

    Default Clarification needed on ettercap command line usage

    Hi,

    Consider the following two ways of running an instance of ettercap to arpspoof.

    1.
    Code:
    ettercap -Tqo -i wlan0 -M arp:remote -P repoison_arp /G1/ G2/
    2.
    Code:
    ettercap -Tq -i wlan0 -M arp:remote -P repoison_arp /G1/ G2/
    In resources across google you find (1.) quite a bit. But I want to know if that is indeed a correct command line even though it does not return an error.

    With (1.) there IS NO visual feedback that the repoison_arp plugin has started. I think the specification of the option "o" blocks it from starting?

    With (2.) There IS visual feedback that the repoison_arp plugin has started.

    My question is in the case of (1.) is it that the repoison_arp plugin simply starts silently and there is no feedback or is it the case that the use of it with the "o" option, invalidates it.

    Thanks.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Clarification needed on ettercap command line usage

    So you can ignore "-Tq" that's Text Only GUI and quiet mode. (For this discussion)

    -M - Tells it to do a MITM attack.
    -o - Tell it to only to the MITM attack and not sniff.
    -P - Allows you to specify a plugin.

    I'm guessing that by telling ettercap to do only a MITM attack (-o -M) the repoison_arp plugin is never run.

    ettercap --help:
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA


    Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]

    TARGET is in the format MAC/IPs/PORTs (see the man for further detail)

    Sniffing and Attack options:
    -M, --mitm <METHOD:ARGS> perform a mitm attack
    -o, --only-mitm don't sniff, only perform the mitm attack
    -B, --bridge <IFACE> use bridged sniff (needs 2 ifaces)
    -p, --nopromisc do not put the iface in promisc mode
    -u, --unoffensive do not forward packets
    -r, --read <file> read data from pcapfile <file>
    -f, --pcapfilter <string> set the pcap filter <string>
    -R, --reversed use reversed TARGET matching
    -t, --proto <proto> sniff only this proto (default is all)

    User Interface Type:
    -T, --text use text only GUI
    -q, --quiet do not display packet contents
    -s, --script <CMD> issue these commands to the GUI
    -C, --curses use curses GUI
    -G, --gtk use GTK+ GUI
    -D, --daemon daemonize ettercap (no GUI)

    Logging options:
    -w, --write <file> write sniffed data to pcapfile <file>
    -L, --log <logfile> log all the traffic to this <logfile>
    -l, --log-info <logfile> log only passive infos to this <logfile>
    -m, --log-msg <logfile> log all the messages to this <logfile>
    -c, --compress use gzip compression on log files

    Visualization options:
    -d, --dns resolves ip addresses into hostnames
    -V, --visual <format> set the visualization format
    -e, --regex <regex> visualize only packets matching this regex
    -E, --ext-headers print extended header for every pck
    -Q, --superquiet do not display user and password

    General options:
    -i, --iface <iface> use this network interface
    -I, --iflist show all the network interfaces
    -n, --netmask <netmask> force this <netmask> on iface
    -P, --plugin <plugin> launch this <plugin>
    -F, --filter <file> load the filter <file> (content filter)
    -z, --silent do not perform the initial ARP scan
    -j, --load-hosts <file> load the hosts list from <file>
    -k, --save-hosts <file> save the hosts list to <file>
    -W, --wep-key <wkey> use this wep key to decrypt wifi packets
    -a, --config <config> use the alterative config file <config>

    Standard options:
    -U, --update updates the databases from ettercap website
    -v, --version prints the version and exit
    -h, --help this help screen
    Last edited by thorin; 02-23-2010 at 11:54 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Similar Threads

  1. BT4 and Ethernet Driver Marvel 88E8040 -- Help needed
    By sebkinne in forum Beginners Forum
    Replies: 2
    Last Post: 03-29-2010, 06:22 AM
  2. apt command is not working
    By munitech4u in forum Beginners Forum
    Replies: 4
    Last Post: 02-17-2010, 03:47 AM
  3. Replies: 2
    Last Post: 02-10-2010, 03:46 PM
  4. Help with command
    By nevermore in forum Beginners Forum
    Replies: 1
    Last Post: 02-04-2010, 11:06 PM
  5. metagoofil.py: command not found
    By calnorak in forum Beginners Forum
    Replies: 2
    Last Post: 02-02-2010, 06:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •