Open ajmeese7 opened 11 months ago
Txnn3r
commented
11 months ago Notes to recreate: Original file was a .pcap. Once a filter was applied and selected packets were saved as a .pcapng, the file would get the following error. You would have to manually resave the new .pcapng file as a .pcap through wireshark > save as > .pcap to get things to work correctly in ettercap.
LocutusOfBorg
commented
11 months ago ettercap -Tqr ./foo.pcapng
ettercap 0.8.4-rc copyright 2001-2020 Ettercap Development Team
Reading from ./foo.pcapng
Libnet failed IPv4 initialization. Don't send IPv4 packets.
Libnet failed IPv6 initialization. Don't send IPv6 packets.
This product includes GeoLite2 Data created by MaxMind, available from https://www.maxmind.com/.
34 plugins
42 protocol dissectors
56 ports monitored
28230 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!
Starting Unified sniffing...
Capture file read completely, please exit at your convenience.
User requested a CTRL+C... (deprecated, next time use proper shutdown)
please attach your pcap file
koeppea
commented
11 months ago I guess WSL has a older tcpdump library. Don't know if you can install a newer libpcap package including the -dev variant, purge the installed ettercap package and compile the latest ettercap code from source (GitHub).
AFAIK WSL is using apt with a Ubuntu based repo.
Whenever I try this with two known good PCAP files, I get output similar to the following:
Myself and @Txnn3r were able to determine that you must convert the files to
.pcapinstead of.pcapngvia a Wireshark export, this seems like something that's at least worth mentioning here.Thanks for the project, cheers!