-
January 20th, 2010, 10:41 AM
#1
Junior Member
Ettercap Filters for Packet Alteration
Hi,
first of all, I want to say hello, since this is my first post.
I have a question about ETTERCAP.
I got a network which integrity must be tested. Some of the tests consist of alterating or dropping some packets.
Any information of the packet could be altered (addresses, checksum, payloads,...)
I tried with ETTERCAP filters, and at Layer 3 and 4 worked really well, since I could modify all the parameters I wanted.
Now I got a problem at Layer 2. I tried creating a filter that uses the MAC address as deciding parameter. The filter could be compiled without problems, but when I applied it, it did not filter as desired (even though the conditions were fulfilled).
Do you know if Ettercap supports Layer 2 filters??
best regards,
lupastro
-
January 21st, 2010, 01:35 AM
#2
Hi lupastro,
Welcome to AO.
Would you be opposed to posting the code from your filter? It might be easier for the members to see what is causing the problem.
Best of luck!
Westin
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
January 21st, 2010, 02:37 AM
#3
Originally Posted by lupastro
Do you know if Ettercap supports Layer 2 filters??
best regards,
lupastro
Why don't you stop fvcking with us? You already know the answer you advanced piece of foreign labor.
-
January 21st, 2010, 10:28 AM
#4
Junior Member
Originally Posted by Linen0ise
Why don't you stop fvcking with us? You already know the answer you advanced piece of foreign labor.
First of all, you ignorant bastard. I am not foreign labor, since I do not live nor work in the US. Actually, I think I would never do it, if everyone was like you. If you knew where I am from, you'd surely would not be even able to locate it on a map.
Fortunately I got american friends and I know that not all american are as bastards, ignorant and a**holes as you are.
have fun insulting people
Last edited by lupastro; January 21st, 2010 at 10:50 AM.
-
January 21st, 2010, 10:36 AM
#5
Junior Member
Originally Posted by westin
Hi lupastro,
Welcome to AO.
Would you be opposed to posting the code from your filter? It might be easier for the members to see what is causing the problem.
Best of luck!
Westin
Hi Westin,
thanks for your answer. My mistake. You are right, here's the example:
if (ip.src == '192.168.1.1') {
ip.src = 192.1.168.1;
}
This worked. Then i tried:
if (mac.dst == "11:22:33:44:55:66") {
mac.dst = "FF:FF:FF:FF:FF:FF";
}
if (mac.src == "11:22:33:44:55:66") {
mac.src = "FF:FF:FF:FF:FF:FF";
}
The filter compiled, but did not filter anything, even if the MAC addresses matched (I used a Packet Generator using the given addresses).
The sniffer on another device detected without problems the 11:22:.... frames, and that's how I realized that ettercap had forwarded the frames, but anything was manipulated in the frames...
I know it's a nonsense filter, but was done only for testing purposes.
Since ettercap compiled the filters, I supposed it would accept the Layer 2 filtering...that's the reason why I asked it.
thanks again!
lupastro.
-
January 21st, 2010, 11:57 PM
#6
I am not sure how picky ettercap is, but the only thing I see right off hand, is that you used single quotes above, and double quotes below. Probably woudn't matter, but you never know.
Sorry about the insulting post. It looks like that particular user is banned now.
Last edited by westin; January 21st, 2010 at 11:59 PM.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
January 22nd, 2010, 08:47 AM
#7
Junior Member
Originally Posted by westin
I am not sure how picky ettercap is, but the only thing I see right off hand, is that you used single quotes above, and double quotes below. Probably woudn't matter, but you never know.
Sorry about the insulting post. It looks like that particular user is banned now.
Hi Westin,
no problem about the other post...people like that can be found everywhere....whatever..
You are right about the quotes. The problem is that single quotes are not accepted, since they are only meant to be used with IP addresses. I already tried it, but the filter does not compile.
The only way it compiles is with double quotes...
Anyway, thanks for your help :-)
-
January 22nd, 2010, 09:32 PM
#8
Similar Threads
-
By Irongeek in forum Newbie Security Questions
Replies: 8
Last Post: November 1st, 2017, 07:16 AM
-
By sphanlon in forum Spyware / Adware
Replies: 11
Last Post: April 1st, 2013, 08:05 PM
-
By Irongeek in forum The Security Tutorials Forum
Replies: 4
Last Post: June 11th, 2008, 09:26 AM
-
By ZombieFx in forum Newbie Security Questions
Replies: 8
Last Post: January 29th, 2008, 07:16 AM
-
By Irongeek in forum The Security Tutorials Forum
Replies: 2
Last Post: June 16th, 2005, 07:09 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|