Sorry for the noise:

ettercap(8)

ettercap NG has a new unified sniffing method. This implies that ip_forwarding in the kernel is always disabled and the forwarding is done by ettercap. Every packet with destination mac address equal to the host's mac address and destination ip address different for the one bound to the iface will be forwarded by ettercap. Before forwarding them, ettercap can content filter, sniff, log or drop them. It does not matter how these packets are hijacked, ettercap will process them. You can even use external programs to hijack packet. You have full control of what ettercap should receive. You can use the internal mitm attacks, set the interface in promisc mode, use plugins or use every method you want.

IMPORTANT NOTE: if you run ettercap on a gateway, remember to re-enable the ip_forwarding after you have killed ettercap. Since ettercap drops its privileges, it cannot restore the ip_forwarding for you.

It is in the manual.

thanks

2010/9/4 Gonzalo Rodriguez <gonz...@sepp0.com.ar>:
> Hi there,
>
> I have an issue using ettercap (ettercap-0.7.3p4-no_x11 multi-purpose
> sniffer/interceptor/logger) in 4.7-release
>
> OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
>     dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> RTC BIOS diagnostic error 80<clock_battery>
> cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 499 MHz
> cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
> real mem = 268009472 (255MB)
> avail mem = 250978304 (239MB)
> RTC BIOS diagnostic error 80<clock_battery>
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
> pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
> pcibios0: pcibios_get_intr_routing - function not supported
> pcibios0: PCI IRQ Routing information unavailable.
> pcibios0: PCI bus #0 is the last bus
> bios0: ROM list: 0xe0000/0xa800
> cpu0 at mainbus0: (uniprocessor)
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x33
> glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
> vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, address 00:0d:b9:1c:13:bc
> ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
> vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 00:0d:b9:1c:13:bd
> ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
> glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio
> gpio0 at glxpcib0: 32 pins
> pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
> wd0 at pciide0 channel 0 drive 0: <CF 4GB>
> wd0: 1-sector PIO, LBA, 3831MB, 7847280 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
> pciide0: channel 1 ignored (disabled)
> ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 12, version 1.0, legacy support
> ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 12
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
> isa0 at glxpcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: console
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: <PC speaker>
> spkr0 at pcppi0
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> usb1 at ohci0: USB revision 1.0
> uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
> biomask f3e7 netmask ffe7 ttymask ffff
> mtrr: K6-family MTRR support (2 registers)
> nvram: invalid checksum
> vscsi0 at root
> scsibus0 at vscsi0: 256 targets
> softraid0 at root
> root on wd0a swap on wd0b dump on wd0b
> clock: unknown CMOS layout
> WARNING: clock time much less than file system time
> WARNING: using file system time
> WARNING: CHECK AND RESET THE DATE!
>
>
> # sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding=1
>
> # ettercap -T -i vr0
> ...sniff stuff...
>
> # sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding=0
>
> Anyone with this problem?
>
> regards.
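
One way to act on the man page note quoted above, as an added example that is not part of this thread or of ettercap: a POSIX sh wrapper that records `net.inet.ip.forwarding`, runs a command, and puts the saved value back afterwards. The function names and the `SYSCTL` override variable are assumptions introduced here; the wrapper itself must stay root, since the wrapped program has dropped its privileges by the time it exits.

```shell
#!/bin/sh
# Added example: keep a gateway's forwarding setting intact across a program
# that turns it off and cannot turn it back on after dropping privileges.

# SYSCTL is a hypothetical override so the sysctl binary can be replaced in tests.
SYSCTL=${SYSCTL:-sysctl}
KEY=net.inet.ip.forwarding   # OpenBSD sysctl name, as shown in the thread

# Print only the current value of the forwarding sysctl.
get_forwarding() {
    "$SYSCTL" -n "$KEY"
}

# Set the forwarding sysctl to the value given in $1.
set_forwarding() {
    "$SYSCTL" "$KEY=$1" >/dev/null
}

# Run "$@", then restore forwarding if the command left it changed.
# Returns the exit status of the wrapped command.
run_preserving_forwarding() {
    saved=$(get_forwarding) || return 1
    # Ignore-and-continue on signals so the restore step below still runs
    # when the wrapped program is stopped with Ctrl-C or kill.
    trap ':' INT TERM HUP
    "$@"
    rc=$?
    trap - INT TERM HUP
    now=$(get_forwarding)
    if [ "$now" != "$saved" ]; then
        echo "restoring $KEY: $now -> $saved" >&2
        set_forwarding "$saved"
    fi
    return $rc
}

# Usage, as root, with the command from the thread:
#   run_preserving_forwarding ettercap -T -i vr0
```
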