Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0

Weird IP addresses #1218

Closed Merlinistisch closed 1 year ago

Merlinistisch commented 1 year ago

The IP addresses that I get are 10.2.2 10.2.3 10.2.4. MAC addresses: 52:54:00:12:35:02, 52:54:00:12:35:03, 52:54:00:12:35:04. I booted up ettercap through the root terminal, I used eth0, clicked accept, clicked on scan for hosts. "Lua: no scripts were specified, not starting up!" was something that was shown in the text box. I didn't specify the netmask. The text box also said: "Ettercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0. Privileges dropped to EUID 0 EGID 0..."

LocutusOfBorg commented 1 year ago

So what is the issue?

LocutusOfBorg commented 1 year ago

What does ifconfig report?

Merlinistisch commented 1 year ago

The issue is that these IP addresses have never logged into the network and probably don't exist. ifconfig shows:

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            inet6 fe80::a00:27ff:fe02:4be7 prefixlen 64 scopeid 0x20
            ether 08:00:27:02:4b:e7 txqueuelen 1000 (Ethernet)
            RX packets 1 bytes 590 (590.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 21 bytes 2972 (2.9 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
            loop txqueuelen 1000 (Local Loopback)
            RX packets 4 bytes 240 (240.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 4 bytes 240 (240.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

koeppea commented 1 year ago

Could you please run the following command on CLI:

sudo ettercap -Tqslq

and paste the output here?

Merlinistisch commented 1 year ago

> Could you please run the following command on CLI:
>
> sudo ettercap -Tqslq
>
> and paste the output here?

The output is:

    ettercap 0.8.3.1 copyright 2001-2020 Ettercap Development Team

    Listening on:
    eth0 -> 08:00:27:02:4B:E7
    10.0.2.15/255.255.255.0
    fe80::a00:27ff:fe02:4be7/64

    SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
    Ettercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0.
    Privileges dropped to EUID 65534 EGID 65534...

    34 plugins
    42 protocol dissectors
    57 ports monitored
    28230 mac vendor fingerprint
    1766 tcp OS fingerprint
    2182 known services
    Lua: no scripts were specified, not starting up!

    Randomizing 255 hosts for scanning...
    Scanning the whole netmask for 255 hosts...

    3 hosts added to the hosts list...
    Starting Unified sniffing...

    Text only Interface activated...
    Hit 'h' for inline help

    Hosts list:

    1) 10.0.2.2 52:54:00:12:35:02
    2) 10.0.2.3 52:54:00:12:35:03
    3) 10.0.2.4 52:54:00:12:35:04

    Closing text interface...

    Terminating ettercap...
    Lua cleanup complete!
    Unified sniffing was stopped.

koeppea commented 1 year ago

Thanks. But I can’t see what’s weird with these IP addresses or MAC addresses.

To me also everything is looking ok. The warning with the temp_addr only relates to IPv6.

Merlinistisch commented 1 year ago

I know that the IP addresses of my phone, the virtual machine and my PC aren't listed.

koeppea commented 1 year ago

Can you please re-run the command with the -w /tmp/packets.pcap and provide the file /tmp/packets.pcap?

Merlinistisch commented 1 year ago

It says: -w /tmp/packets.pcap

koeppea commented 1 year ago

Well, it should not say anything different but have a file packet.pcap in /tmp directory.

Mnanuk commented 1 year ago

I have the same problem. Did you find how to fix it, guys?

koeppea commented 1 year ago

I cannot reproduce it. Therefore I asked to re-run incl. the -w /tmp/packets.pcap.

Mnanuk commented 1 year ago

Okaaay, I found the problem: we were on NAT mode in our VM. Switch to the bridge mode that allows your VM to be like a physical computer and have its own IP address.

Go to the settings of your VM, then networks or something like that, and switch from NAT to bridge.

koeppea commented 1 year ago

Thanks for sharing your finding. Closing the issue then.
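
A way to recognize the situation resolved above, as an added example that is not part of the original thread or of ettercap's own code: this Python sketch parses a text-mode hosts list and reports when every discovered host carries the 52:54:00:12:35:xx MAC prefix seen in the posted output. Treating that prefix as the signature of a hypervisor NAT engine's virtual hosts is an assumption drawn from this thread; the function names and the bridged sample are constructed.

```python
import re

# Assumption: MAC prefix of the hosts in the thread's posted output, taken here
# as the signature of a hypervisor NAT engine's virtual gateway/services.
NAT_VIRTUAL_MAC_PREFIX = "52:54:00:12:35:"

# Matches "1) 10.0.2.2 52:54:00:12:35:02" whether entries are one per line
# or run together on a single line.
HOST_RE = re.compile(
    r"\d+\)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)

def parse_hosts(output):
    """Return [(ip, mac)] from an ettercap text-mode hosts list."""
    return [(ip, mac.lower()) for ip, mac in HOST_RE.findall(output)]

def diagnose(output):
    """Classify a scan result as 'no-hosts', 'vm-nat' or 'lan'."""
    hosts = parse_hosts(output)
    if not hosts:
        return "no-hosts"
    virtual = [h for h in hosts if h[1].startswith(NAT_VIRTUAL_MAC_PREFIX)]
    # Only virtual hosts answered: the scan never left the hypervisor's
    # private NAT segment, so physical LAN devices cannot appear.
    return "vm-nat" if len(virtual) == len(hosts) else "lan"

# Hosts list as posted in the thread.
THREAD_OUTPUT = """Hosts list:
1) 10.0.2.2 52:54:00:12:35:02 2) 10.0.2.3 52:54:00:12:35:03 3) 10.0.2.4 52:54:00:12:35:04
"""

# Constructed sample of what a bridged adapter might show (made-up values).
BRIDGED_OUTPUT = """Hosts list:
1) 192.168.1.1 AA:BB:CC:00:00:01
2) 192.168.1.23 AA:BB:CC:00:00:02
"""

if __name__ == "__main__":
    for name, text in (("thread", THREAD_OUTPUT), ("bridged", BRIDGED_OUTPUT)):
        print(name, diagnose(text), parse_hosts(text))
```

A "vm-nat" result means the adapter mode is the thing to check before treating the scan itself as faulty.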