I needed to do some protocol conversions and thought that ettercap might be able to help; however, my ettercap filter does not see the source traffic ("tcp.src"). I see the packets fine in Wireshark as well as in my client application (without the protocol conversions). The following debug msg in the ettercap filter is never encountered:
if (tcp.src == 80)
I suspect it may be an issue between iptables & ettercap.
I have 2 network interfaces set up as a gateway:
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --table nat --flush
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o at0 -j MASQUERADE
and run ettercap with:
ettercap -T -q -u -F filter.ef -L ettercap.log -i at0 //
I have uncommented the redir_command_* lines in etter.conf.
I have enabled IP forwarding with:
echo "1" > /proc/sys/net/ipv4/ip_forward
I have also tried:
echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter
Any ideas why the ettercap filter tcp.src is not being triggered?