I needed to do some protocol conversions and thought that ettercap might be able to help; however, my ettercap filter does not see the source traffic ("tcp.src"). I see the packets fine in Wireshark as well as in my client application (without the protocol conversions). The following debug message in the ettercap filter is never encountered:

Code:
if (tcp.src == 80)
{
        msg("tcp.src==80");
}

I suspect it may be an issue between iptables & ettercap.


I have 2 network interfaces set up as a gateway:

Code:
        ifconfig at0 up
        ifconfig at0 10.0.0.1 netmask 255.255.255.0
        ifconfig at0 mtu 1400
        route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1


        iptables --flush
        iptables --table nat --flush
        iptables --delete-chain
        iptables --table nat --delete-chain
        iptables -P FORWARD ACCEPT
        iptables -t nat -A POSTROUTING -o at0 -j MASQUERADE

and run ettercap with:
Code:
        ettercap -T -q -u -F filter.ef -L ettercap.log -i at0 //
I have uncommented the redir_command_* lines in etter.conf.

I have enabled IP forwarding with:
Code:
        echo "1" > /proc/sys/net/ipv4/ip_forward
I have also tried:
Code:
        echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter

Any ideas why the ettercap filter tcp.src is not being triggered?