search

Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0
2.33k stars 489 forks source link

Only 1 host shown! #1193

Closed Archilla1 closed 2 years ago

Archilla1 commented 2 years ago

Hi to you all! I have issue were I only see one address. I have uninstalled and reinstalled from source as @koeppea explained on a different situation, but still same issue.

ettercap 0.8.4-rc copyright 2001-2020 Ettercap Development Team

Listening on: eth0 -> Info deleted 172.17.214.237/255.255.240.0 fe80::215:5dff:fee8:1cde/64

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges dropped to EUID 65534 EGID 65534...

34 plugins 42 protocol dissectors 56 ports monitored 28230 mac vendor fingerprint 1766 tcp OS fingerprint 2182 known services

Randomizing 4095 hosts for scanning... Scanning the whole netmask for 4095 hosts...

|==================================================>| 100.00 % 1 hosts added to the hosts list... Starting Unified sniffing...

Text only Interface activated... Hit 'h' for inline help

Hosts list:

172.17.208.1 00:15:5D:E8:17:DD
Closing text interface...

Terminating ettercap... Unified sniffing was stopped.

I was trying all over again and now got this after make install:

I was trying Install the project... -- Install configuration: "Release" -- Installing: /usr/local/lib/libettercap.so.0.8.4-rc CMake Error at src/cmake_install.cmake:65 (file): file INSTALL cannot copy file
"/home/andre/ettercap/build/src/libettercap.so.0.8.4-rc" to
"/usr/local/lib/libettercap.so.0.8.4-rc": Permission denied.
Call Stack (most recent call first):
cmake_install.cmake:47 (include)

make: *** [Makefile:100: install] Error 1

Not sure if is something I should worry about....

Under /ettercap I have this:

AUTHORS bundled_deps cmake contrib doc INSTALL LICENSE.OPENSSL misc README README.BUGS README.LUA README.PLATFORMS SECURITY.md src THANKS TODO.TESTING build CHANGELOG CMakeLists.txt desktop include LICENSE man plug-ins README.BINARIES README.GIT README.OSXLION README.TESTS share tests TODO utils

koeppea commented 2 years ago

Reg. the installation error: you have to use sudo to install:

sudo make install

Regarding the host-list issue: make sure you have also nmap installed to compare the ARP scan results: First perform an ARP scan using nmap:

nmap -sP -PR -oG - 172.17.208.0/20

Then run the ARP scan using ettercap:

sudo ettercap -Tqieth0 -slq -w /tmp/packets.pcap

Please paste both results here including the ettercap debug log file, located in the directory where ettercap has been executed and the packet capture file /tmp/packets.pcap.

Archilla1 commented 2 years ago

Hi again! Before continuing, I am running it on WSL, just in case.

ettercap 0.8.4-rc copyright 2001-2020 Ettercap Development Team

These are the outputs:

nmap -sP -PR -oG - 172.17.208.0/20

Nmap 7.92 scan initiated Wed Aug 10 09:56:56 2022 as: nmap -sP -PR -oG - 172.17.208.0/20

Nmap done at Wed Aug 10 10:24:19 2022 -- 4096 IP addresses (0 hosts up) scanned in 1642.76 seconds

sudo ettercap -Tqieth0 -slq -w /tmp/packets.pcap :

ettercap 0.8.4-rc copyright 2001-2020 Ettercap Development Team

Listening on: eth0 -> 00:15:5D:6C:DD:41 172.25.39.213/255.255.240.0 fe80::215:5dff:fe6c:dd41/64

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges dropped to EUID 65534 EGID 65534...

34 plugins 42 protocol dissectors 56 ports monitored 28230 mac vendor fingerprint 1766 tcp OS fingerprint 2182 known services

Randomizing 4095 hosts for scanning... Scanning the whole netmask for 4095 hosts...

1 hosts added to the hosts list... Starting Unified sniffing...

Text only Interface activated... Hit 'h' for inline help

Hosts list: 1) 172.25.32.1 00:15:5D:01:D5:F8 Closing text interface...

Terminating ettercap...
Unified sniffing was stopped.

only file I was able to see as ''debug'' was README.BUGS, but pretty sure is not that one.

koeppea commented 2 years ago

Well the fact that you're running ettercap on WSL explains why you only seeing one host. It's the Windows host itself acting as the default gateway for the virtual Linux.

Ettercap is supposed to be run natively on Linux in the same LAN as the other client machines.

However why nmap is not finding any host at all, I can't explain. But this could also be related to the implementation of the WSL environment.

You have to install ettercap on Linux either on a dedicated machine or a proper virtual machine using VMWare or VirtualBox an setting the network to Bridge mode.

Then you'd be able to find more hosts, pretending there are more besides your default gateway.

Closing the case...