Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0

Not able to uncomment the redir_command_{on,off} configuration lines and run ettercap as root for which EUID and EGID need to be 0! #813

Closed sayan-sibyl closed 7 years ago

sayan-sibyl commented 7 years ago

Go to this site: http://picateshackz.com/2015/05/man-in-middle-attack-using-ettercap-in.html

These steps are for Kali Linux and I am on macOS, so how do I execute these steps on a Mac? I also tried to open the /etc/ettercap/etter.conf file via the terminal using the (open -a TextEdit ) command, as I don't have any other editor, but the terminal says file not found. I have an ettercap folder only in /usr/local/cellar/ettercap/0.8.2_1; I don't have any other ettercap folder on my Mac, neither in /etc nor anywhere else.

LocutusOfBorg commented 7 years ago

It depends; what does this mean? Full bandwidth is something you can do, however poisoning might introduce some little delays.

sayan-sibyl commented 7 years ago

I mean I went to a website which had the instructions as follows, you can surf the internet or increase your internet speed using ETTERCAP you simply need to poison the network with a

warning: do not start sniffing the network

My question: I want to surf the internet at max speed just to escape bandwidth capping from my ISP

This is the website: http://www.theprohack.com/2009/07/getting-max-internet-speed-using-arp.html

koeppea commented 7 years ago

This sounds logical since then you don't route all the traffic in a process switching manner through your device but just use ettercap as a part of a toolset to impersonate another's network identity. At a certain point in time we decided to start sniffing by default since so many issues were based on the reason that they simply forgot to start the sniffing engine. However, this behavior is (AFAICR) configurable in the etter.conf. But I can't tell offhand which since I've only a poor smartphone available at present. Reading man etter.conf should help though.

sayan-sibyl commented 7 years ago

@koeppea @sgeto @LocutusOfBorg @gvanem
I use ettercap just to extract the IP and MAC addresses, and I don't have an IP address of my own. I simply impersonate others' IP and MAC addresses in my LAN. I only have a modem given to me by the ISP, which I use to connect to the internet!

Question 1: I want to know how can I make someone else's bandwidth to go through my machine like given in this website:- http://www.theprohack.com/2009/07/getting-max-internet-speed-using-arp.html

I am pasting the information given in the above mentioned website

_Ever thought of stealing bandwidth of internet in a local LAN? Well.. I usually do it when I am surfing net at night and need more speed for downloading games and I do it using Ettercap.. love Linux movies.. and you can do that too. Well, it's done using ARP Poisoning.. Sounds geeky but it's the technical name of network sniffing. Basically, sniffing is used to get passwords – encrypted or unencrypted in a network. But it can also be used to choke the network bandwidth and getting maximum bandwidth in a single system. For those who don't know how it happens, lemme give you a little insight on how it happens.

Below is an example of a normal network. Now as we can see, that we are working on a laptop and we have to sniff out a target computer. All the systems are getting data via a switch which is itself connected to a router. The router has a MAC address which is in this case is not bound to a particular IP. All the data is routed to a switch which is catered to systems using a switch.

The systems connect to router through the MAC address of router. Technically, we have to spoof the MAC address of router so all the data is sent through our system (the laptop in this case) and we are able to see and analyze each packet of data. In simple words this process of spoofing is known as ARP poisoning. Also, in normal condition, data sent through LAN is unencrypted in nature.

As we can see in the above diagram, we have now spoofed the MAC address and the data is sent through our system and we can view passwords and data.

But hey wait.. I said that I will tell you how to get maximum speeds ain’t it? Well.. it's easy. When you poison a network, and spoof the address, but if you have not yet started sniffing, then all the systems will look for data to your system and will not be able to access net. And you will be playing with full bandwidth !!!

To do this, download Ettercap and poison the network (shift + U then control + S .. do some homework and get the idea) but DON'T START SNIFFING. Once you have poisoned it, you will be able to surf internet at maximum bandwidth whereas others won't. I used to do it in my net connection at night so nobody was able to complain and stop it as soon as my downloads finished so I was way away from the hands of Law. BTW Ettercap is one of the best available tool for sniffing any network out there. I love it.._

I want to surf the internet at max speed I am a newbie so I don't know much about using ettercap so please help!

Question 2: what is the use of this command (shift + U then control + S ) and in which interface of ettercap this command is used?
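
A defensive counterpart to the ARP poisoning described in the blog text quoted above, added here as an example (it is not part of the thread or of the Ettercap project): it parses `arp -an` output and flags a gateway MAC that differs from a recorded baseline, or one MAC answering for several IPs. The sample table, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -an` output (macOS/Linux style); all addresses are made up.
SAMPLE_ARP = """\
? (192.0.2.1) at aa:bb:cc:0:11:22 on en0 ifscope [ethernet]
? (192.0.2.48) at 6c:0:5e:10:20:30 on en0 ifscope [ethernet]
? (192.0.2.77) at aa:bb:cc:0:11:22 on en0 ifscope [ethernet]
? (192.0.2.90) at (incomplete) on en0 ifscope [ethernet]
"""

ENTRY = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+) ")

def normalize_mac(mac):
    """macOS prints octets without leading zeros; pad to aa:bb:cc:dd:ee:ff."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(text):
    """Return {ip: mac} for resolved entries; '(incomplete)' rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m and m.group("mac").count(":") == 5:
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def find_anomalies(table, gateway_ip, known_gateway_mac):
    """Flag the two cache states that ARP poisoning leaves on a victim host."""
    alerts = []
    seen = table.get(gateway_ip)
    if seen and seen != normalize_mac(known_gateway_mac):
        alerts.append(("gateway_mac_changed", gateway_ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac_claims_multiple_ips", mac, sorted(ips)))
    return alerts

if __name__ == "__main__":
    # The baseline gateway MAC is an assumed value recorded while the LAN was clean.
    table = parse_arp(SAMPLE_ARP)
    for alert in find_anomalies(table, "192.0.2.1", "00:11:22:33:44:55"):
        print(alert)
```

One MAC answering for several IPs also occurs legitimately (proxy ARP, multi-homed hosts), so treat that alert as a prompt to investigate; a static ARP entry for the gateway or dynamic ARP inspection on the switch prevents the condition in the first place.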

LocutusOfBorg commented 7 years ago

If I read correctly, you want to disable internet for everybody else, to have the full bandwidth of the network?

sayan-sibyl commented 7 years ago

@LocutusOfBorg yeah

LocutusOfBorg commented 7 years ago

So, disable with "stop sniffing" after it gets started automatically?

sayan-sibyl commented 7 years ago

@LocutusOfBorg Question 2: what is the use of this command (shift + U then control + S ) and in which interface of ettercap this command is used?

LocutusOfBorg commented 7 years ago

text, select interface and scan for hosts?

sayan-sibyl commented 7 years ago

@LocutusOfBorg Ok, in the above blog, the blog describes how to get full bandwidth, but doesn't specify the steps, so can you guide me step by step as to what I should do after running ettercap as GUI, then scanning for hosts, then what should I do after I stop the sniffing?

LocutusOfBorg commented 7 years ago

open, select interface, start arp-poisoning, stop sniffing, enjoy. (YMMV)

sayan-sibyl commented 7 years ago

@LocutusOfBorg Ok, after selecting the interface, which in my case is en0, should I leave the targets to anyone or something else, and after clicking on ARP poisoning what should I select: option 1 - sniff remote connections or option 2 - poison one way?

LocutusOfBorg commented 7 years ago

I deleted the last two comments, please try to sort that out by yourself, and come back if you still have questions. You need to gain some background in MITM if you want to successfully test your network/ettercap client :)

sayan-sibyl commented 7 years ago

@LocutusOfBorg Ok bro!

sayan-sibyl commented 7 years ago

@LocutusOfBorg I have successfully installed ettercap using this command: brew install --HEAD ettercap --with-gtk+

Now that I have installed it, I started ettercap using -G, then stopped unified sniffing, scanned for hosts, then started the MITM (ARP poisoning) attack (Only Poison One Way) with targets (Anyone). The poisoning failed; the connections were not terminated, I mean the full bandwidth one!

sayan-sibyl commented 7 years ago

@LocutusOfBorg @koeppea @sgeto I don't know why I get this error

I have successfully installed ettercap using this command: brew install --HEAD ettercap --with-gtk+

Now that I have installed it, I started ettercap using -G, then stopped unified sniffing, scanned for hosts, then started the MITM (ARP poisoning) attack (Only Poison One Way) with targets (Anyone). The poisoning failed; the connections were not terminated, I mean the full bandwidth one!

Error:

Listening on: en0 -> 84:16:F9:B4:8E:73 172.28.66.249/255.255.255.0 fe80::56:65f5:89f:5a6d/64

Privileges dropped to EUID 0 EGID 0...

33 plugins
42 protocol dissectors
57 ports monitored
20530 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services

Starting Unified sniffing...

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
168 hosts added to the hosts list...
Unified sniffing was stopped.
Host 172.28.66.1 added to TARGET1
Host 172.28.66.48 added to TARGET2

ARP poisoning victims:

GROUP 1 : 172.28.66.1 EC:CD:6D:58:48:C6

GROUP 2 : 172.28.66.48 6C:B0:CE:68:18:E1

Activating chk_poison plugin...
chk_poison: Checking poisoning status...
chk_poison: No poisoning at all :(

sayan-sibyl commented 7 years ago

@koeppea @mnciitbhu @LocutusOfBorg @sgeto @gvanem ?