Do not enabling packet forwarding via the kernal, i.e. /proc/sys/net/ipv4/ip_forward. Ettercap does this for you if you enable it in the kernel you will flood the network with duplicate packets. If you want to use the kernel than disable packet forwarding in ettercap. If you run both you'll cause havoc with duplicate, unnecessary packets.
Quote:
Originally Posted by ranlr
apparently you can use ettercap to sniff and mitm two seperate subnets.
I had a Wireless AP honeypot -> ath0 -> laptop -> eth0 -> internet setup for demo-ing to our employees how unsafe cafes are and to never just click "Accept" (though i doubt it did any good...) and i would always enable the forwarding AFTER starting ettercap:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This works intermittently but worked for Gmail which was good enough, they got the message (those that werent napping).
|