search

Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0
2.32k stars 488 forks source link

ARP Poisoning not working #1067

Closed ladysans closed 3 years ago

ladysans commented 4 years ago

First of all, thank you very much for this wonderful tool. I had tried it on my Raspberry Pi 3B+ with the latest Raspberry Pi OS (buster). But I hadn't built it with ipv6 support, so I rebuilt it. I don't know what went wrong, but ARP poisoning isn't working now. Could you please take a look at the debug log?

ettercap-0.8.3.1_debug.log

Thank you very much.

koeppea commented 4 years ago

Hi, the main issue starts here:

[     init] USER_MSG(): Listening on:
[     init] USER_MSG():  wlan0 -> XX:XX:XX:XX:XX:XX
[     init] USER_MSG():       192.168.0.24/
[     init] USER_MSG(): 255.255.255.0
[     init] USER_MSG():       fe80::1b0e:f0a9:c080:84ea/64
[     init] USER_MSG():       2a02:8109:b6c0:9e30:1122:f943:9253:5110/64

XX:XX:XX:XX:XX:XX is not a valid MAC address. For whatever reason, can libpcap not read the "real" MAC address of the adapter.

ladysans commented 4 years ago

Sorry, I didn't specify. The MAC addresses are fine, I censored them for the post. There are 3 different MAC addresses. One for the router (192.168.0.1 / Target 1), one for a laptop that was supposed to become a DNS spoofing target (192.168.0.3 / Target 2) and a Raspberry Pi 3B+ that serves as MitM.

koeppea commented 4 years ago

OK I see you ran chk_poison plugin to check poison status and it reported that .3 to .1 is not poisoned. Is .3 connected via cable or wireless?

ladysans commented 4 years ago

It's connected via wireless (all of them are).

koeppea commented 4 years ago

ARP (or any other broad- / multicast based protocol) might be difficult in wireless networks. Since, the default ARP poison attack is quite noisy and whilst wireless networks try to optimize the necessary overhead as much as possible, maybe tuning the ARP poisoning behavior might bring some advantage here. Try setting first:

arp_poison_reply = 0
arp_poison_request = 1

and monitor the behaviour. Maybe it may help to additionally set (_either with arp_poison_reply = 1 explicit or arp_poison_request = 1_) 

arp_poison_smart = 1

Refer to the etter.conf manual page to understand more about what these configuration parameters do / affect.

koeppea commented 3 years ago

@ladysans I understand your lack of response that my last recommendation helped you. So I'll close this issue. Reopen if you think otherwise.