You see, one obstacle that sniffers have to overcome is how to obtain network
packets that aren't meant for your network interface. This is where Ettercap's
man-in-the-middle attack comes into play. We will launch an ARP poisoning
attack that will trick any computer on the network into sending all its network
packets through the Pi. Our Pi will essentially become the man in the middle,
secretly spying on and manipulating the packets as they pass through.
Let's install the command-line version of Ettercap using the following command:
pi@raspberrypi ~ $ sudo apt-get install ettercap-text-only
Before we begin, make a few small adjustments to the Ettercap configuration file:
pi@raspberrypi ~ $ sudo nano /etc/etter.conf
Find the two lines that read ec_uid = 65534 and ec_gid = 65534. Now change the two
lines to read ec_uid = 0 and ec_gid = 0. This makes Ettercap keep running as the
root user instead of dropping its privileges to the unprivileged user/group ID
65534 after startup. Next, find the line that starts with remote_browser and
replace mozilla with elinks, then save the configuration and exit nano.
For our first Ettercap experiment, we'll try to capture every single host name lookup
made by any computer on the local network. For example, your browser makes a
host name lookup behind the scenes when you visit a website for the first time. Use
the following command to start sniffing:
pi@raspberrypi ~ $ sudo ettercap -T -i wlan0 -M arp:remote -V ascii -d //53
Depending on the level of activity on your network, the messages could flood
your screen or trickle in once in a while. You can verify that it is indeed working by
opening up a command prompt on any computer on the network and trying to ping
a made-up address, for example:
C:\> ping ahamsteratemyrockstar.com
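Seen from one of the other computers on the network, the ARP poisoning started by -M arp:remote shows up in the neighbour table: every poisoned IP address resolves to the Pi's MAC address, so one MAC answers for several IPs. The following check is an added example, not part of the original text; it assumes a Linux host with the ip command, and the addresses in the sample table are constructed.

```shell
#!/bin/sh
# Added example: list MAC addresses that answer for more than one IPv4 address.
# Input is `ip neigh show` output: <ip> dev <if> lladdr <mac> <STATE>

# find_shared_macs: reads neighbour-table lines on stdin and prints
# "<mac> <ip1>,<ip2>,..." for every MAC claimed by several IPs.
find_shared_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            # Skip entries with no resolved MAC (FAILED / INCOMPLETE).
            if (mac == "") next
            # Skip IPv6: link-local and global addresses normally share a MAC.
            if ($1 ~ /:/) next
            # Count each (MAC, IP) pair once, even if listed on two interfaces.
            if ((mac, $1) in seen) next
            seen[mac, $1] = 1
            if (!(mac in ips)) { order[++n] = mac; ips[mac] = $1; count[mac] = 1 }
            else { ips[mac] = ips[mac] "," $1; count[mac]++ }
        }
        END {
            for (k = 1; k <= n; k++)
                if (count[order[k]] > 1) print order[k], ips[order[k]]
        }
    '
}

# Constructed sample: neighbour table of a poisoned host. 192.168.1.1 is
# assumed to be the gateway and 192.168.1.50 the sniffing host.
sample_poisoned() {
    cat <<'EOF'
192.168.1.1 dev eth0 lladdr b8:27:eb:12:34:56 REACHABLE
192.168.1.50 dev eth0 lladdr b8:27:eb:12:34:56 STALE
192.168.1.20 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.30 dev eth0  FAILED
fe80::1 dev eth0 lladdr b8:27:eb:12:34:56 router STALE
EOF
}

sample_poisoned | find_shared_macs
# On a live Linux host: ip neigh show | find_shared_macs
```

A router with several addresses or proxy ARP can also make one MAC answer for several IPs, so treat a hit as something to investigate rather than proof of poisoning.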