Author Topic: sometimes ettercap dns spoof not work  (Read 4755 times)

chi1i4n

  • Newbie
  • *
  • Posts: 9
    • View Profile
on: December 01, 2014, 01:25:18 AM
I test dns spoof with ettercap yesterday in studio,use wlan0,and it works perfect,
but...  when I back home,with netcore wifi,it not work ,but in ettercap gtk,it show some domains have been A to what I have written in etter.dns,but i didn't visit it in browser,and when I visit it,it works, but when I visit other domain,it not work,as...
in etter.dns,I write *.com ,
but when I visit a.com on the test machine,it not  work...
then I try other AP by Android phone,it works perfect

why... i am sure all the Firewall have been disabled,including netcore..

if  u  can't understand...
I am sorry my English is poor



ostendali

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 588
    • View Profile
Reply #1 on: December 01, 2014, 12:21:42 PM
here is the deal:-)
what is not working exactly:
 1) the ettercap?
 2) the internet navigation?
 3) both?

Case 1, you have probably messed up with the ettercap dns spoof settings (which is a sort of app level firewall)
Case 2, check your /etc/resolv.conf and see what dns you are pointing at
Case 3, re-do case 1 and 2:-)

Case 4, explain yourself:-)



chi1i4n

  • Newbie
  • *
  • Posts: 9
    • View Profile
Reply #2 on: December 01, 2014, 02:16:25 PM
e....
it's my mistake .. 
i want to know whether the ARP firewall can effect ettercup working..  or what can effect it 
thx !



ostendali

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 588
    • View Profile
Reply #3 on: December 02, 2014, 01:31:40 PM
again, ettercap is a sniffer, so, if the device that needs to be sniffed (the NIC in this case) has some restrictions such as firewall restriction, what do you think ettercap will do?

the sniffer will capture whatever comes through the NICs and if nothing comes, due to the restrictions, then ettercap will capture nothing.

is that makes sense?

because your question doesn't make any sense to me :)

Btw: there is no such thing called ARP firewall, there is firewall and ARP. 2 completely different things.