
Thread: How do I change the default networking interface for ETTERCAP

  1. #1
    Just burned his ISO
    Join Date
    Jan 2012
    Posts
    3

    How do I change the default networking interface for ETTERCAP

    The machine that I am using to run some penetration tests on a network has two networking interfaces. One of them is onboard, but I am unable to remove it, so I added another interface in one of the expansion slots and everything started working fine. But when it came to using ettercap to run some man in the middle tests, nothing worked. This test wasn't successful, since ettercap seems to only work with the default networking interface for man in the middle attacks, and I am not using the default (the onboard NIC) interface because the one I added is much quicker. This penetration test is useless without a successful man in the middle attack, and since ettercap only does successful man in the middle attacks with the default interface, it looks like it won't get done.

    I really appreciate all of the help

  2. #2
    Junior Member rastamouse's Avatar
    Join Date
    Oct 2012
    Posts
    32

    Re: How do I change the default networking interface for ETTERCAP

    Can't you just specify the interface you want using the -i option in ettercap?

  3. #3
    Just burned his ISO
    Join Date
    Jan 2012
    Posts
    3

    Yes, but since it's not the default interface, the man in the middle attacks won't work. This is what the -i option said in the man page:
    Code:
    -i, --iface <IFACE>
                  Use  this  <IFACE> instead of the default one. The interface can
                  be unconfigured (requires libnet >= 1.1.2), but in this case you
                  cannot use MITM attacks and you should set the unoffensive flag
    The entry says that when you tell it to use the interface that isn't the "Default One", then the man in the middle attacks won't work. How do I remedy this problem?

    Due to my failed attempts at getting ettercap to work, I started to seek alternatives. I found the dsniff suite and started playing around with arpspoof and dnsspoof. I first enabled forwarding on the interface:
    Code:
    echo "1" > /proc/sys/net/ipv4/ip_forward
    Then I selected my targets (the gateway and a Windows machine I have set up somewhere) and I did these commands:
    Code:
    arpspoof -i eth1 -t 192.168.1.81 192.168.1.1
    arpspoof -i eth1 -t 192.168.1.1 192.168.1.81
    Then I fired up Wireshark and surfed the internet for a few minutes on the target machine, and I was able to capture stuff as they surfed. Arpspoof may not be as intelligent as ettercap, but it gets the job done. (I mean intelligent as in ettercap starts spoofing when it senses traffic on the network between the targets it was told to spoof for, while arpspoof just keeps sending ARP requests without knowing what happens on the network; this is easier to detect on an IDS than the one with ettercap.)

    The man in the middle attack worked like a charm. Now I am able to experiment with IPTables and SNORT to set up some customized rules for these types of attacks (for educational purposes). Now I started experimenting with dnsspoof. I made a hosts file and put something like this in it:
    Code:
    # located in /root/spoofed-addresses.conf
    192.168.1.78        *.google.com
    This setup would try to spoof the DNS requests to the 192.168.1.78 address before it gets to the DNS server that the client was assigned to by the DHCP server. Here's the command I used:
    Code:
    dnsspoof -i eth1 -f /root/spoofed-addresses.conf
    Now for the moment of truth: I did an nslookup for google on the Windows machine, and the request came back as the authentic DNS server response instead of the spoofed address I entered in the hosts file for dnsspoof. Dnsspoof is the only problem I have left here. Is there a more effective command for dnsspoof that I need to run in my scenario?
    Last edited by g0tmi1k; 11-19-2012 at 03:03 AM. Reason: Merged
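
The last post mentions that arpspoof's continuous ARP traffic is easy for an IDS to notice. As an added example (not part of the original thread), this Python code shows two signals a monitor can key on in ARP reply lines: an IP whose MAC address changes, and a single MAC answering for both the gateway and the host. The sample lines and MAC addresses are constructed, the line format is assumed to follow `tcpdump -n arp` output, and `find_arp_anomalies` is a hypothetical name.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not a real capture).
# MAC addresses are made up; the IPs are the gateway and target from the thread.
SAMPLE = """\
10:00:00.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
10:00:00.500000 ARP, Reply 192.168.1.81 is-at 00:11:22:33:44:81, length 28
10:00:02.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:99, length 28
10:00:02.100000 ARP, Reply 192.168.1.81 is-at 00:11:22:33:44:99, length 28
10:00:04.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:99, length 28
"""

REPLY = re.compile(
    r"Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I
)

def find_arp_anomalies(text):
    """Return (rebinds, multi_ip_macs) observed in ARP reply lines.

    rebinds: list of (ip, old_mac, new_mac) where an IP's MAC changed.
    multi_ip_macs: {mac: sorted IPs} for MACs answering for more than one IP.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    rebinds = []
    for line in text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue  # ARP requests and unrelated lines carry no binding claim
        ip, mac = m.group(1), m.group(2).lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            rebinds.append((ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    multi = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return rebinds, multi

if __name__ == "__main__":
    rebinds, multi = find_arp_anomalies(SAMPLE)
    for ip, old, new in rebinds:
        print(f"ALERT {ip} moved from {old} to {new}")
    for mac, ips in multi.items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

DHCP lease changes and proxy ARP also produce these patterns on a real network, so a hit is a lead to confirm against the known gateway MAC rather than proof on its own.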
