Is it possible that the host 192.168.1.1 is resending the correct ARP requests? What kind of device is it?
Poisoning problem in ettercap
First, i want to say i'm on Backtrack 3, under vmware Fusion and a WUSB54GC (wifi dongle).
Second, i've some problem with getting a true and stable poisoning with ettercap.
Most of time, when i launch the chk_poison plugin i get messages in the style of :
Usually i reboot ettercap and after a few times, i'm able of getting a proper poisoning ; hence chk_poison tells me :chk_poison: No poisoning between 192.168.1.14 -> 192.168.1.1
But i never get a true "success" as it oscillates between a "poisoning successfull" state and a "no poisoning between" state.poisoning successfull!
What should i do to get it work in the proper way ?
Should i change the
parameters in etter.conf ?arp_storm_delay = 10 # milliseconds
arp_poison_warm_up = 1 # seconds
arp_poison_delay = 10
Detection
Is it possible that the host 192.168.1.1 is resending the correct ARP requests? What kind of device is it?
Have this too occasionally - so i use repoison_arp plugin..
repoison_arp doesn't work (or at least doesn't seem to change anything)
My device is a livebox (the inventel one)
Ettercap telling lies?
Originally Posted by Phonatacid
I am having the exact same problem.
Sometimes I get "poisoning successful" and sometimes I get "No poisoning between". I also run "chk_poison" and "repoison_arp" plugins and nothing happens.
This may be the problem that we are having, it is just a thought:
This is the layout of my LAN:
192.168.1.254 [Gateway] - BTHomeHub
192.168.1.253 [Firewall??] - BTHomeHub
192.168.1.66 [laptop1] - Running Windows XP SP3
192.168.1.70 [laptop2] - Running BackTrack3f
192.168.1.77 [workstation1] - Running Windows 2000
192.168.1.254 and 192.168.1.253 use the same MAC address.
Now the strange thing that I find about this error that we are getting "No poisoning between....." is that although it is stating that there is no poisoning; "urlsnarf" and "driftnet" are picking up information on the laptop [192.168.1.66], the websites I visit and the images of those websites that I visit.
Yet, Ettercap still displays the following error in the CL when I activate the "chk_poison" plugin:
Here is the previous command I used to load Ettercap:Code:Plugin name (0 to quit): chk_poison Activating chk_poison plugin... chk_poison: Checking poisoning status... chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.253 chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.254 chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.253 chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.254
I have also tried the following command (targeting 1 IP) without success:Code:ettercap -Tq -M arp:remote -i wlan0 // // -P autoadd
Strange stuff ehh? Anyone care to elaborate on this one as it seems there is a lot of people having the same issue?Code:ettercap -Tq -M arp:remote -i wlan0 /192.168.1.254/ /192.168.1.66/ -P autoadd
Regards,
I just loaded Ettercap again, I also just loaded the chk_poison plugin again...
..Still no luck.
So what I did was I loaded the plugin: repoison_arp and then loaded the plugin replay_arp.
I received an error message stating the following:
Now, I just installed BT3f freshly onto my USB just a few days ago, it was there yesterday and I have not deleted anything like that. Is this a common error, is it telling lies again?Code:FATAL: replay_arp plugin can not be found !
arp_replay plugin missing??
Any ideas?
I have been having this problem too
have you enabled ip fowreding?
No need for it. Every time Ettercap starts, it disables IP forwarding in the kernel and begins to forward packets itself.
The kernel ip_forwarding is always disabled by ettercap. This is done to prevent to forward a packet twice (one by ettercap and one by the kernel)
Don't eat yellow snow :rolleyes:
I am also having the No Poisoning problem when I run the plugin but yet when I start up the DNS spoofing plugin it does spoof all of the computers on my local network so it is working. I think it might just be a problem with the plugin, because I also get a success once and a while but either way I can DNS Spoof so im pretty sure it has to be working for me. Just try doing a DNS spoof and see if it works. By default it will spoof microsoft.com to linux so try microsoft.com and see where it takes you with that plugin enabled. Im also using the repoison_arp plugin while I am doing this.
Posting Permissions
