sometimes ettercap dns spoof not work

Started by chi1i4n, December 01, 2014, 01:25:18 AM

Previous topic - Next topic

chi1i4n

I test dns spoof with ettercap yesterday in studio,use wlan0,and it works perfect,
but...  when I back home,with netcore wifi,it not work ,but in ettercap gtk,it show some domains have been A to what I have written in etter.dns,but i didn't visit it in browser,and when I visit it,it works, but when I visit other domain,it not work,as...
in etter.dns,I write *.com ,
but when I visit a.com on the test machine,it not  work...
then I try other AP by Android phone,it works perfect

why... i am sure all the Firewall have been disabled,including netcore..

if  u  can't understand...
I am sorry my English is poor

ostendali

here is the deal:-)
what is not working exactly:
1) the ettercap?
2) the internet navigation?
3) both?

Case 1, you have probably messed up with the ettercap dns spoof settings (which is a sort of app level firewall)
Case 2, check your /etc/resolv.conf and see what dns you are pointing at
Case 3, re-do case 1 and 2:-)

Case 4, explain yourself:-)

chi1i4n

e....
it's my mistake .. 
i want to know whether the ARP firewall can effect ettercup working..  or what can effect it 
thx !

ostendali

again, ettercap is a sniffer, so, if the device that needs to be sniffed (the NIC in this case) has some restrictions such as firewall restriction, what do you think ettercap will do?

the sniffer will capture whatever comes through the NICs and if nothing comes, due to the restrictions, then ettercap will capture nothing.

is that makes sense?

because your question doesn't make any sense to me :)

Btw: there is no such thing called ARP firewall, there is firewall and ARP. 2 completely different things.