Motzart

The output is: Listening on: en2 -> ***** (My MAC) 192.168.2.146/255.255.255.0 ***** Privileges dropped to UID 65534 GID 65534... 33 plugins 40 protocol dissectors 54 ports monitored 16074 mac vendor fingerprint 1766 tcp OS fingerprint 2182 known services Randomizing 255 hosts for scanning... Scanning the whole netmask for 255 hosts... 7 hosts added to the hosts list... Host 192.168.2.1 added to TARGET1 Host 192.168.2.128 added to TARGET2 ARP poisoning victims: GROUP 1 : 192.168.2.1 **** (MAC Router) GROUP 2 : 192.168.2.128 (MAC victim) Starting Unified sniffing... DHCP: [192.168.2.1] ACK : 192.168.2.150 255.255.255.0 GW 192.168.2.1 DNS 192.168.2.1 "speedport.ip" I don't think this will be very helpful :( My terminal that is attached to ettercap shows ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team 01000 fwd 127.0.0.1,59272 ip from any to any proto tcp dst-port 992 in via en2 01100 fwd 127.0.0.1,59273 tcp from any to any dst-port 465 in via en2 01200 fwd 127.0.0.1,59274 ip from any to any proto tcp dst-port 995 in via en2 01300 fwd 127.0.0.1,59275 ip from any to any proto tcp dst-port 563 in via en2 01400 fwd 127.0.0.1,59276 tcp from any to any dst-port 636 in via en2 01500 fwd 127.0.0.1,59277 tcp from any to any dst-port 994 in via en2 01600 fwd 127.0.0.1,59278 tcp from any to any dst-port 993 in via en2 01700 fwd 127.0.0.1,59279 tcp from any to any dst-port 8080 in via en2 01800 fwd 127.0.0.1,59280 tcp from any to any dst-port 443 in via en2

Pinging works, but I don't understand my captures. Same scenario as above, I just pinged my pi instead of my router. Victim: Attacker: Pi: What I don't understand: In my attacker I only monitor tower->weiss (attacker->victim), nothing else. Is this normal? Still: Pinging my router, or sending DNS requests to it does not work at all. Thanks for your help again!

I started wireshark on my victim ("weiss") and on my attacker ("tower") and pinged to my router ("speedport.ip"). I filtered for ICMP. Attacker: Victim: What I see: The ICMP requests are directed to my attacker (ofc I am not in promiscuous mode). My attacker sends them to the router, but the router does not answer. Thanks for your help!

I did. Sorry I forgot to mention.

Hi! I am new to ettercap (although I am not new to security, and I am not a kiddy ). Because I am working on a mac I enabled the "quick and dirty fix" in etter.conf. I followed the standard tutorials to spoof arp (Added roter and victim to target 1 and 2, arp poisoning, start sniffing). What I expect: My victim is able to browse HTTP ordinarily. What I get: The arp is spoofed correctly (the cache got my attacker's mac instead of the router's), but I get request timeouts when pinging my router. I cannot open web pages anymore, nothing loads. Although the connections tab lists the victim's connections correctly. First I thought I needed a software that listens on my attacker in order to tunnel the traffic to the router (man in the middle). I found a thread saying it should listen on 8080. But after watching a video I guess that's already included when I select ARP poisoning? What point am I missing? I hope I provided enough information. Thanks for any help!