Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Poisoning problem in ettercap

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    3

    Default Poisoning problem in ettercap

    First, i want to say i'm on Backtrack 3, under vmware Fusion and a WUSB54GC (wifi dongle).

    Second, i've some problem with getting a true and stable poisoning with ettercap.
    Most of time, when i launch the chk_poison plugin i get messages in the style of :
    chk_poison: No poisoning between 192.168.1.14 -> 192.168.1.1
    Usually i reboot ettercap and after a few times, i'm able of getting a proper poisoning ; hence chk_poison tells me :
    poisoning successfull!
    But i never get a true "success" as it oscillates between a "poisoning successfull" state and a "no poisoning between" state.

    What should i do to get it work in the proper way ?
    Should i change the
    arp_storm_delay = 10 # milliseconds
    arp_poison_warm_up = 1 # seconds
    arp_poison_delay = 10
    parameters in etter.conf ?

  2. #2
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    8

    Default Detection

    Is it possible that the host 192.168.1.1 is resending the correct ARP requests? What kind of device is it?

  3. #3
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    13

    Default

    Have this too occasionally - so i use repoison_arp plugin..

  4. #4
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    3

    Default

    repoison_arp doesn't work (or at least doesn't seem to change anything)

    My device is a livebox (the inventel one)

  5. #5

    Question Ettercap telling lies?

    Quote Originally Posted by Phonatacid View Post
    repoison_arp doesn't work (or at least doesn't seem to change anything)

    I am having the exact same problem.

    Sometimes I get "poisoning successful" and sometimes I get "No poisoning between". I also run "chk_poison" and "repoison_arp" plugins and nothing happens.

    This may be the problem that we are having, it is just a thought:

    This is the layout of my LAN:

    192.168.1.254 [Gateway] - BTHomeHub
    192.168.1.253 [Firewall??] - BTHomeHub
    192.168.1.66 [laptop1] - Running Windows XP SP3
    192.168.1.70 [laptop2] - Running BackTrack3f
    192.168.1.77 [workstation1] - Running Windows 2000


    192.168.1.254 and 192.168.1.253 use the same MAC address.

    Now the strange thing that I find about this error that we are getting "No poisoning between....." is that although it is stating that there is no poisoning; "urlsnarf" and "driftnet" are picking up information on the laptop [192.168.1.66], the websites I visit and the images of those websites that I visit.

    Yet, Ettercap still displays the following error in the CL when I activate the "chk_poison" plugin:

    Code:
    Plugin name (0 to quit): chk_poison
    Activating chk_poison plugin...
    
    chk_poison: Checking poisoning status...
    chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.253
    chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.254
    chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.253
    chk_poison: No poisoning between 192.168.1.66 -> 192.168.1.254
    Here is the previous command I used to load Ettercap:
    Code:
    ettercap -Tq -M arp:remote -i wlan0 // // -P autoadd
    I have also tried the following command (targeting 1 IP) without success:
    Code:
    ettercap -Tq -M arp:remote -i wlan0 /192.168.1.254/ /192.168.1.66/ -P autoadd
    Strange stuff ehh? Anyone care to elaborate on this one as it seems there is a lot of people having the same issue?


    Regards,

  6. #6

    Default

    I just loaded Ettercap again, I also just loaded the chk_poison plugin again...

    ..Still no luck.

    So what I did was I loaded the plugin: repoison_arp and then loaded the plugin replay_arp.

    I received an error message stating the following:

    Code:
    FATAL: replay_arp plugin can not be found !
    Now, I just installed BT3f freshly onto my USB just a few days ago, it was there yesterday and I have not deleted anything like that. Is this a common error, is it telling lies again?

    arp_replay plugin missing??

    Any ideas?

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    46

    Default

    I have been having this problem too

  8. #8
    Member cr1spyj0nes's Avatar
    Join Date
    Sep 2008
    Posts
    164

    Default

    have you enabled ip fowreding?

  9. #9
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Default

    Quote Originally Posted by cr1spyj0nes View Post
    have you enabled ip fowreding?
    No need for it. Every time Ettercap starts, it disables IP forwarding in the kernel and begins to forward packets itself.
    The kernel ip_forwarding is always disabled by ettercap. This is done to prevent to forward a packet twice (one by ettercap and one by the kernel)
    Don't eat yellow snow :rolleyes:

  10. #10
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    8

    Default

    I am also having the No Poisoning problem when I run the plugin but yet when I start up the DNS spoofing plugin it does spoof all of the computers on my local network so it is working. I think it might just be a problem with the plugin, because I also get a success once and a while but either way I can DNS Spoof so im pretty sure it has to be working for me. Just try doing a DNS spoof and see if it works. By default it will spoof microsoft.com to linux so try microsoft.com and see where it takes you with that plugin enabled. Im also using the repoison_arp plugin while I am doing this.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •