When used on a gateway, you have no choice.
from man ettercap:
"The kernel ip_forwarding is always disabled by ettercap. This is done to prevent to forward a packet twice (one by ettercap and one by the kernel). This is an invasive behaviour on gateways. So we recommend you to use ettercap on the gateways ONLY with the UNOFFENSIVE MODE ENABLED. Since ettercap listens only on one network interface, launching it on the gateway in offensive mode will not allow packets to be rerouted back from the second interface. "
So if used on two separate subnets (see my previous post), ie gateway, and you need it to be offensive, then you need the kernel to forward, am i wrong?
Quote:
Originally Posted by ipndrmath
Do not enabling packet forwarding via the kernal, i.e. /proc/sys/net/ipv4/ip_forward. Ettercap does this for you if you enable it in the kernel you will flood the network with duplicate packets. If you want to use the kernel than disable packet forwarding in ettercap. If you run both you'll cause havoc with duplicate, unnecessary packets.
|