Hi all,
I have received no answer...
so I don't know: does nobody use ettercap filters? Have I done everything correctly?
Do you need some more information?
Please tell me what I'm doing wrong ...
Thank you in advance.
Hi all,
I am using BT5R3-KDE-32 and ettercap 0.7.4.1.
I have created a simple filter to see (for example) Google HTML in plain text. To achieve this goal I want to substitute, in the HTTP header,
Accept-Encoding: gzip, deflate
with
Accept-Encoding: identity
The filter was made just like this:
if (ip.proto == TCP && search(DATA.data, "gzip") ) {
    replace("gzip", "identity");
    msg("gzip --> identity.\n");
}
if (ip.proto == TCP && search(DATA.data, "deflate") ) {
    replace("deflate", "identity");
    msg("deflate --> identity.\n");
}
if (ip.proto == TCP && search(DATA.data, "identity, identity") ) {
    replace("identity, identity", "identity");
    msg("double identity --> identity.\n");
}
In testing with BT5, I see the logging messages, and the packets
are injected by Ettercap, but the original frames are not dropped. I
validated this on the victim where he gets the original packets
immediately followed by the Ettercap-modified packets. The follow-up
packets are dropped by the victim as TCP retransmissions.
I'm guessing this is due to something having changed in the kernel, but I'm not sure what it could be. I checked /sys/net/ipv4/ip_forward, but it is set to 0.
Can anyone tell me what I have done wrong?
Thanks in advance.
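
The symptom described in this post (the original segment arrives, then a rewritten copy at the same sequence number that the receiver discards as a retransmission) is something a capture taken at the receiver can be checked for. The following is an added example, not part of the original post: it compares overlapping TCP bytes per flow and reports any segment whose bytes disagree with what was seen first. It assumes segments are already parsed into (flow, seq, payload); the flow tuple, addresses, host name and sequence numbers are constructed.

```python
from collections import defaultdict

SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def find_conflicting_retransmissions(segments):
    """Flag segments that carry different bytes for sequence numbers already seen.

    segments: (flow, seq, payload) tuples in capture order; flow is any
    hashable id for one direction of a TCP connection.
    """
    seen = defaultdict(dict)  # flow -> {sequence number: first byte seen there}
    findings = []
    for index, (flow, seq, payload) in enumerate(segments):
        stream = seen[flow]
        changed = []
        for offset, value in enumerate(payload):
            pos = (seq + offset) % SEQ_MOD
            # setdefault keeps the first-seen byte, as the receiver did
            if stream.setdefault(pos, value) != value:
                changed.append(pos)
        if changed:
            findings.append({"index": index, "flow": flow, "seq": seq,
                             "first_changed_seq": changed[0],
                             "changed_bytes": len(changed)})
    return findings


# Constructed sample: documentation addresses, invented host and sequence numbers.
FLOW = ("192.0.2.10", 40000, "192.0.2.80", 80)
ORIGINAL = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
            b"Accept-Encoding: gzip, deflate\r\n\r\n")
MODIFIED = ORIGINAL.replace(b"gzip, deflate", b"identity")
SAMPLE = [
    (FLOW, 1000, ORIGINAL),   # original frame reaches the receiver first
    (FLOW, 1000, MODIFIED),   # rewritten copy arrives as a "retransmission"
    (FLOW, 1000, ORIGINAL),   # genuine retransmission: identical bytes
]

if __name__ == "__main__":
    for finding in find_conflicting_retransmissions(SAMPLE):
        print(finding)
```

A genuine retransmission repeats the same bytes and produces no finding; only a copy whose content differs at an already-seen sequence number is reported.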