Ettercap not scanning for hosts

[Hellmasker]

Hi all,

I'm having a problem with ettercap.

I do:

ettercap -G

Sniff > Unified sniffing > OK

Hosts > Scan for hosts

and I get this in my ettercap GUI:

Listening on eth0... (Ethernet)

eth0 -> 00:23:8B:4C:8E:85 invalid invalid

Privileges dropped to UID 65534 GID 65534...

28 plugins
39 protocol dissectors
53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services
Randomizing -1 hosts for scanning...
Scanning the whole netmask for -1 hosts...
0 hosts added to the hosts list...

Two things that I find that are different from the tutorials I'm following is the invalid part and the -1 parts.

Anyone know how I can fix this? Thanks so much!

[sickness]

Did you edit your etter.conf file? Did you select the right interface? Did you set the correct netmask?

[Encode]

Hi

i have a problem with ettercap

Code:

root@bt:~# ettercap -G

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Dissector "dns" not supported (etter.conf line 70)

(<unknown>:2391): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.24.1/gobject/gsignal.c:3079: signal name `depressed' is invalid for instance `0x85fb00'

i select right interface but i did not edit etter.conf and i try for scan hosts and my result

Code:

Listening on ppp0... (Linux cooked)

  ppp0 ->	00:00:00:00:00:00       10.20.30.32   255.255.255.255

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services
Randomizing 0 hosts for scanning...
Scanning the whole netmask for 0 hosts...
0 hosts added to the hosts list...

where is my problem ?

how do i con edit etter.conf ?

tnx in advance

[maverik35]

Did you change the etter.conf?...
I quote:
"SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534..."
You need to uncomment the lines in /etc/etter.conf file: "redir_command_on and redir_command_off" in Linux section...
You cannot dissect SSL if iptables are not configured..That's why you need to uncomment those lines I mentioned...This is the reason to the warning mentioned above.

Also configure the ec_uid and ec_gid = 0 if not so...You need root priviledges to configure interfaces, once they are done by ettercap, then drops priviledges, to whom?..You tell that: 0=root, 65535 = nobody, or type at terminal prompt: id and it will give you your id and group. If prompt as #, is 0, if prompt as $, in my case is 1000.

If you are using BT5, leave it as 0 (root)..If in Debian (my case), Ubuntu, etc (ettercap installed in those OS) use id in $ mode, otherwise it wont work. I speak on my experience...

Once you configure your ettercap, try again..

Also make sure you are in the same subnet, as said by sickness, because if not, you just cannot scan any hosts, because there is nobody but you...

This how i use it: xx@xx#: ettercap -Tqi eth1 -M arp:remote // /gateway/ -P autoadd
My interface is eth1, you use yours accordingly.
gateway, you use the one in your subnet, in my case the gateway is 10.0.0.1
The plugin used by my is just in case after running ettercap, anyone connecting, is autoadded to the sniffing...
Hope it helps

[Encode]

Hi

Thank you maverik35 i did not change etter.conf , becuse i am newbie

i use BT5 and i type at terminal nano etter.conf and i saw etter.conf file is empty

i know my all problem is etter.conf but i can't solve this problem . i should edit etter.conf but i am newbie

can u tell me step by step for edit etter.conf ? or give me video for my problem i serached but i did not find

sorry for my bad english

tnx in advance

[Encode]

I did edited etter.conf i changed uid and gid = 0

and i changed

Code:

#---------------
#     Linux 
#---------------

# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
   #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

to

Code:

#---------------
#     Linux 
#---------------

# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

but i still did succeed and i type at terminal ettercap -G and i gave the same error

Code:

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Dissector "dns" not supported (etter.conf line 70)

and i worked with ettercap and i try for scan host but before I get the results

Code:

Randomizing 0 hosts for scanning...
Scanning the whole netmask for 0 hosts...
0 hosts added to the hosts list...

[maverik35]

That's ok, I understand, no problem cuate..Here is what you have to do:
1. Open up a terminal.
2. In linux OS, you have a Hierarchical structure, so always keep this in mind: "/" is the root directory, the first level of the File structure.
The etter.conf is a configuration file to ettercap. So you have to type: nano /etc/etter.conf
The etter.conf is located under the /etc directory (etc is under "/" root directory, that is why /etc your are pointing to that directory)
3. You have to move within the file with the arrows, and take a look at the bottom, you will see the commands to write, exit, etc.Th. ey are represented as: ^X Exit, ^O Save..===== "^" = Ctl
4. Look for the "redir_command_on/off. Then go to the "linux" section.
5. You will see this:
# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Change it to this (uncomment the 2 lines) (Quitele el signo de gato):
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
6. Then go to the top of the file, and you will see this:
[privs]
ec_uid = 65534 # nobody is the default
ec_gid = 65534 # nobody is the default
Change it to this
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default

Then just save it (Ctl + O) and then exit (Ctl + X).
Try again.

The scanning problem is not related to this matter I post above, you have to know if you are in the same subnet, do this:
1. Open up a terminal.
2. type: ifconfig
3 See your IP address.
4 Ex: router IP = 10.0.0.1
Subnet ID is = 10.0.0.0
Subnet Broadcast = 10.0.0.255
Subnet DHCP range = 10.0.0.1 to 254. Some routers have ranges starting from certain IP addresses.
So, all PC's in the subnet should be between 10.0.0.1 to 10.0.0.254, including gateway (router)..
If your IP is 10.0.0.102, all other hosts should be something like this: 10.0.0.106, 107, 108, and so on.

So if your ettercap is not finding any hosts, perhaps there are none or your ip is not in the subnet...

Any other help, please post to keep helping.

Suerte.

[minat0r]

Make sure that you selected the right network interface that the targe PC are in

[Encode]

Thanks maverik35

i changed uid gid = 0

and i changed

Code:

# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Change it to this (uncomment the 2 lines) (Quitele el signo de gato):
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

but i have still problem

my ifconfig is

Code:

root@bt:~# ifconfig
eth0      Link encap:Ethernet  HWaddr f4:6d:04:be:68:eb  
          inet6 addr: fe80::f66d:4ff:febe:68eb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:512 errors:0 dropped:0 overruns:0 frame:0
          TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:160914 (160.9 KB)  TX bytes:84961 (84.9 KB)
          Interrupt:44 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:59 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:9345 (9.3 KB)  TX bytes:9345 (9.3 KB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.20.30.32  P-t-P:1.1.50.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1480  Metric:1
          RX packets:242 errors:0 dropped:0 overruns:0 frame:0
          TX packets:262 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:134707 (134.7 KB)  TX bytes:74581 (74.5 KB)

wlan0     Link encap:Ethernet  HWaddr e0:b9:a5:7f:8e:5d  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

[snafu777]

Try looking at
/usr/local/etc/etter.conf
-vs-
/etc/etter.conf

or you could do
find / -name 'etter.conf'


As well, stay away from the GUI till you understand what yer doing syntax wise.

Do you know how to use other tools to scan for hosts? nmap...etc...??