Jump to content

Ettercap Problems


Recommended Posts


I have recently started using linux and I'm no expert. I use Puppy linux from a live cd and have downloaded Ettercap. I have used the following 2 methods to use Ettercap for MITM monitoring of a second device on my WLAN, both methods have stalled as described and I would like to know how to progress from either or preferably both methods.

No.1 - GUI. I have used GUI, scanned for hosts, allocated target device as TARGET 1 and router as TARGET 2, ARP poisoned and started sniffing. But then nothing else happens when I use target device. The GUI screen simply states that sniffing has begun but nothing more.

No.2 - Text. From a terminal I enter the command sudo ettercap -T -M arp -i wlan0 /192.target/ /192.router/ -w test.cap . When I use the target PC I get a lot of data appear in the terminal. But when I view it using cat test.cap | grep -a http most of it is nonsense to me.

I would like, using text or GUI, to see in plain english text the websites visited and the passwords entered. I believe this is possible with Ettercap but I can't quite get there.


Link to comment
Share on other sites

Use wireshark for viewing the Pcap files, and network miner for assembling files.

Link to comment
Share on other sites

Thanks for replies. I will try to find a Puppy version of Wireshark. Is there no way to just use Ettercap? The YouTube tutorials show passwords being revealed but my set-up must be missing something. I'm not very knowledgeable about libraries and plug-ins and wonder if that's where I'm going wrong.

Link to comment
Share on other sites

cap and pcap files are raw packets of data. You need something that can read them and put into plain text, like wireshark. Network miner can reassemble certain file types automatically for you from raw pcap files, such as images, web pages, exe's, etc.

Link to comment
Share on other sites

Thanks for that.

I have installed Wireshark but am unable to find passwords or visited websites. I captured packets with Ettercap (including logging in on Google and Ebay) then opened the test.cap file in Wireshark but it's a bit daunting. I tried applying a filter - http.request.method = = POST - which I read would show entries including logins. But when I try "Folow TCP Stream" I don't get any plain text user ID or passwords. What do I need to do?

When I start Wireshark I get the following error message:

Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled

Is this the cause of my difficulties?

Link to comment
Share on other sites

When using the GUI I have arp poisoned then used chk-poisoning and get a message telling me there is "no poisoning at all". Does anyone no how to fix this.

And can anyone tell me how I use Wireshark to decipher packets captured in text mode (or point me to a simple, basic tutorial) as I'm still struggling to make sense of it.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...