Yes, but since it's not the default interface, the man-in-the-middle attacks won't work; this is what the -i option said in the man page.
The entry says that when you tell it to use the interface that isn't the "Default One", then the man-in-the-middle attacks won't work. How do I remedy this problem?
-i, --iface <IFACE>
Use this <IFACE> instead of the default one. The interface can
be unconfigured (requires libnet >= 1.1.2), but in this case you
cannot use MITM attacks and you should set the unoffensive flag
Due to my failed attempts at getting ettercap to work, I started to seek alternatives. I found the dsniff suite and started playing around with arpspoof and dnssniff. I first enabled forwarding on the interface,
then I selected my targets (the gateway and a Windows machine I have set up somewhere) and I did these commands.
echo "1" > /proc/sys/net/ipv4/ip_forward
Then I fired up Wireshark and surfed the internet for a few minutes on the target machine, and I was able to capture stuff as they surfed. Arpspoof may not be as intelligent as ettercap, but it gets the job done. (I mean intelligent as in ettercap starts spoofing when it senses traffic on the network between the targets it was told to spoof for, while arpspoof just keeps sending ARP requests without any knowledge of what happens on the network; this is easier to detect on an IDS than the one with ettercap.)
arpspoof -i eth1 -t 192.168.1.81 192.168.1.1
arpspoof -i eth1 -t 192.168.1.1 192.168.1.81
The man-in-the-middle attack worked like a charm. Now I am able to experiment with IPTables and SNORT to set up some customized rules for these types of attacks (for educational purposes). Now I started experimenting with dnsspoof. I made a hosts file and put something like this in it.
This setup would try to spoof the DNS requests to the 192.168.1.78 address before it gets to the DNS server that the client was assigned to by the DHCP server. Here's the command I used.
# located in /root/spoofed-addresses.conf
Now for the moment of truth: I did an nslookup for google on the Windows machine, and the request came back as the authentic DNS server response instead of the spoofed address I entered in the hosts file for dnsspoof. Dnsspoof is the only problem I have left here. Is there a more effective command for dnsspoof that I need to run in my scenario?
dnsspoof -i eth1 -f /root/spoofed-addresses.conf
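
On the detection side mentioned in the post (periodic ARP traffic being easy for an IDS to spot), here is an added example that is not part of the original post: a small Python detector that flags changed IP-to-MAC bindings, one MAC claiming several IPs, and bursts of ARP replies. The frame tuples, MAC addresses, function name and thresholds are constructed assumptions; only the IP addresses come from the post.

```python
from collections import defaultdict

# Constructed sample: (timestamp_seconds, opcode, sender_ip, sender_mac).
# MAC addresses are made up; the IPs are the lab addresses used in the post.
SAMPLE = [
    (0.0, "request", "192.168.1.81", "00:11:22:33:44:81"),
    (0.1, "reply",   "192.168.1.1",  "00:11:22:33:44:01"),
    (5.0, "reply",   "192.168.1.1",  "00:11:22:33:44:78"),
    (5.0, "reply",   "192.168.1.81", "00:11:22:33:44:78"),
    (7.0, "reply",   "192.168.1.1",  "00:11:22:33:44:78"),
    (7.0, "reply",   "192.168.1.81", "00:11:22:33:44:78"),
    (9.0, "reply",   "192.168.1.1",  "00:11:22:33:44:78"),
    (9.0, "reply",   "192.168.1.81", "00:11:22:33:44:78"),
]

def detect_arp_anomalies(frames, window=10.0, max_replies=3):
    """Return a sorted list of (kind, subject) alerts from ARP observations."""
    ip_to_mac = {}                    # first binding seen for each IP
    mac_to_ips = defaultdict(set)     # every IP a given MAC has claimed
    reply_times = defaultdict(list)   # recent reply timestamps per sender MAC
    alerts = set()
    for ts, op, ip, mac in frames:
        # 1. An IP that suddenly maps to a different MAC than first observed.
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            alerts.add(("binding-changed", ip))
        # 2. One MAC answering for more than one IP (e.g. gateway and a host).
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.add(("mac-claims-multiple-ips", mac))
        # 3. More replies from one MAC inside the window than the threshold.
        if op == "reply":
            recent = [t for t in reply_times[mac] if ts - t <= window] + [ts]
            reply_times[mac] = recent
            if len(recent) > max_replies:
                alerts.add(("reply-flood", mac))
    return sorted(alerts)

if __name__ == "__main__":
    for kind, subject in detect_arp_anomalies(SAMPLE):
        print(kind, subject)
```

Legitimate DHCP reassignments and hosts with several addresses on one NIC also trip the first two checks, so seed `ip_to_mac` from a trusted inventory and tune the thresholds before alerting on them.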