Ettercap :0 hosts added to the hosts list...

[Achraf-ai]

Hello , i was working with ettercap but whereever i scan my network ettercap says : 0 hosts added to the hosts list... even when i want to do arp spoofing in Terminal : FATAL: ARP poisoning needs a non empty hosts list. i have already 8 machine in my network I work with kali linux 2019 not in virtual machine in real machine

ettercap -T -q -M ARP /192.168.1.1// /192.168.1.10// output:

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

Listening on: wlan0 -> 02:BD:51:71:7B:53 192.168.1.17/255.255.255.0 fe80::28b6:bf2a:8293:77d7/64

Privileges dropped to EUID 0 EGID 0...

33 plugins 42 protocol dissectors 57 ports monitored 20388 mac vendor fingerprint 1766 tcp OS fingerprint 2182 known services Lua: no scripts were specified, not starting up!

Scanning for merged targets (2 hosts)...

• |==================================================>| 100.00 %

0 hosts added to the hosts list...

FATAL: ARP poisoning needs a non empty hosts list.

[koeppea]

I see you're using wireless. Can you try on wired network? Also you're not using the latest version. Please read our Wiki to help us troubleshooting your issue.

[Pixel48]

Same problem in eth0 with 0.8.2

[koeppea]

Please note that 0.8.2 is not the latest code release from Github. What about the wired test?

[tijldeneut]

This problem is persistent, "arping" command works perfectly. Both VM/native, wired or wireless, Kali up-to-date … Both GUI as Text based version of Ettercap has the same issue, I've build 0.8.3 and it remains. I assume some change in ethernet stack in newest Kali?

[tijldeneut]

To confirm: Ettercap on Kali 2019.3 (possibly after an apt dist-upgrade) is broken apt dist-upgrade -y With built-in Ettercap 0.8.2 and again with a freshly compiled 0.8.3, I opened Wireshark: the ARP requests for the entire subnet are leaving and ARP replies are sent back, exactly as expected. But the Host List for Ettercap GUI remains empty and the error message with the Text version remains: FATAL: ARP poisoning needs a non empty hosts list.

--> FYI: This works: Debian 10 Netinst

apt update
apt -y install git debhelper bison check cmake flex ghostscript libbsd-dev libcurl4-openssl-dev libgeoip-dev libltdl-dev libluajit-5.1-dev libncurses5-dev libnet1-dev libpcap-dev libpcre3-dev libssl-dev libgtk-3-dev libgtk2.0-dev 
git clone https://github.com/Ettercap/ettercap && cd ettercap
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Debug ..
make && make install
ettercap -TqM ARP:REMOTE /192.168.100.1// /192.168.100.2//

[koeppea]

Let me make up a Kali VM and try to reproduce.

[tijldeneut]

Could it be timing issues? Running the command 7 times eventually finds the hosts. Maybe the capture thread is started too late to receive the ARP replies? (or the thread is stopped too early)

(FYI: default installed Kali 2019.3 does not have the problem, must be updated version) (Last update: default installed Kali 2019.3 has a working Ettercap 0.8.2. Compiling 0.8.3 from git on this fresh machine creates this issue again)

[koeppea]

Can confirm the described behavior. Can reproduce it. Dig into it .... give me some days..

[koeppea]

what happens if you specify the interface explicitly? So based on you last example:

ettercap -STqieth0 -Marp:remote /10.20.20.34// /10.20.0.1//

[tijldeneut]

Same result, it does indeed have multiple adapters, but also tested on new VM's with only one adapter. Wireshark shows the ARP requests being sent, so I don't think specifying an adapter matters.

[koeppea]

I assume this is related to the newer libpcap version used in Kali. Will try to isolate the issue and if necessary discuss with the LibPCAP folks.

[koeppea]

Can you please check if PR #977 fixes the issue for you. It fixed it on my Kali installation. Please provide feedback. Thanks

[tijldeneut]

Yes, tried it out and both commits compile perfectly on my Kali and it now works flawlessly. Thanks a lot!

[zartaz]

same problem latest kali not fixed after recompilation

[tijldeneut]

Try this:

wget https://github.com/Ettercap/ettercap/archive/276975159a181365c17af36dda349fb0b1b3015f.zip -O ettercap.zip && unzip ettercap.zip && cd ettercap-276975159a181365c17af36dda349fb0b1b3015f
apt update
apt -y install git debhelper bison check cmake flex ghostscript libbsd-dev libcurl4-openssl-dev libgeoip-dev libltdl-dev libluajit-5.1-dev libncurses5-dev libnet1-dev libpcap-dev libpcre3-dev libssl-dev libgtk-3-dev libgtk2.0-dev 
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Debug ..
make && make install
ettercap -TqM ARP:REMOTE /192.168.100.1// /192.168.100.2//

[zartaz]

ok host list is happy now !!! thanks mate

[zartaz]

ok still for some reason ettercap shows less hosts than nmap ...

[koeppea]

Less IPv4 and or IPv6 Hosts?

[zartaz]

Ipv4 , everytime i press scan it has random output, nmap is stable

[koeppea]

Can you please reproduce multiple times and provide the ettercap-0.8.3_debug.log?

[zartaz]

Yes of course i will when i go home

[zartaz]

ettercap -G

ettercap 0.8.3 copyright 2001-2019 Ettercap Development Team

Cannot change tcp-segmentation-offload Cannot change large-receive-offload first error on terminal (ettercap:2138): Gtk-CRITICAL : 00:09:53.532: Unable to create user data directory '/root/.local/share' for storing the recently used files list: Not a directory (ettercap:2138): Gtk-WARNING : 00:09:53.581: Unable to open server bookmarks: Failed to open file “/root/.config/gtk-3.0/servers”: Permission denied (ettercap:2138): dconf-CRITICAL **: 00:09:53.595: unable to create directory '/run/user/0/dconf': Not a directory. dconf will not work properly. ettercap-0.8.3_debug.log

[koeppea]

@zartaz looking at the debug log file I cannot see the randomness you described:

$ egrep "hosts added|Host:" ~/Downloads/ettercap-0.8.3_debug.log 
[     scan] Host: 192.168.2.1
[     scan] Host: 192.168.2.2
[ ettercap] gtkui_msg: 2 hosts added to the hosts list...
[     scan] Host: 192.168.2.1
[     scan] Host: 192.168.2.2
[ ettercap] gtkui_msg: 2 hosts added to the hosts list...
[     scan] Host: 192.168.2.1
[     scan] Host: 192.168.2.2
[ ettercap] gtkui_msg: 2 hosts added to the hosts list...
[     scan] Host: 192.168.2.1
[     scan] Host: 192.168.2.2
[ ettercap] gtkui_msg: 2 hosts added to the hosts list...
[     scan] Host: 192.168.2.1
[     scan] Host: 192.168.2.2
[ ettercap] gtkui_msg: 2 hosts added to the hosts list...
$

Anyway I think this is off-topic of this issue. So could you please open a new issue for that and provide more data. See you Wiki page. So a fresh debug logfile with a running packet capture -w packets.pcap would be good there and the output of nmap in contrast.

[zartaz]

Ok!

[koeppea]

PR #977 merged. Closing.