evilsocket
commented
6 years ago set net.sniff.verbose true
Closed q2dg closed 6 years ago
evilsocket
commented
6 years ago set net.sniff.verbose true
q2dg
commented
6 years ago Nop. I've tried and same behaviour. It's only leaked the DNS request before actually the pinging.
eenblam
commented
6 years ago sudo bettercap -caplet caplets/local-sniffer.cap -debug
(...) [sys.log] [dbg] Missing transport layer skipping packet.Got that for every ICMP packet while pinging another host.
Recompiled to log.Debug(pkt.String()) after the above debug line, and the packet was indeed ICMP.
Working on a fix.
eenblam
commented
6 years ago https://github.com/bettercap/bettercap/pull/335#issuecomment-420241592
ICMP packets were skipped on purpose as they carry no useful info.
If I run ./bettercap -caplet caplets/local-sniffer.cap in one terminal and I run ping whatever in other terminal of same machine (net.sniff.local is set to true), on Bettercap's screen doesn't appear any package.
If I run ping from another machine, doing an arp spoofing to this machine (basically, adding set arp.spoof.targets ipRemoteMachine ; arp.spoof on before net.sniff on line on local-sniffer.cap caplet) does'nt show anything, neither.