ubuntu - ettercap filtering doesn't work -

ubuntu - ettercap filtering doesn't work -

i cant utilize ettercap filters. i'm writing simple filter can think of:

if (ip.proto == tcp){ msg("ran filter\n"); }

but doesn't work. when compile using etterfilter , run:

sudo ettercap -f /tmp/filter.ef -t -m arp -i wlan1 /192.168.1.6/ // msg not printed. packet visualization see tcp packets, filter seem not working though ettercap says "content filters loaded /tmp/filter.ef".

to solve i've tried enabling ip_forward, , i've tried deleting "#" sign in /etc/etter.conf utilize iptables it's redir_command (lines 168-169)

i've tried putting on askubuntu.com

http://askubuntu.com/questions/251866/ettercap-filtering-doesnt-work

do know how create filtering work?

i'm using ettercap ng-0.7.4.2 on ubuntu 12.10

finally found answer. problem because of bug in ettercap! man page:

you can load script without enabling appending :0 filename

and code:

/* enable loaded filter script? */ uint8_t f_enabled = 0; /* there :0 or :1 appended filename? */ if ( (opt_end-optarg >=2) && *(opt_end-2) == ':' ) { *(opt_end-2) = '\0'; f_enabled = !( *(opt_end-1) == '0' ); }

as can see code, , opposed man page says, must append ":1" filter's file name in order loaded. otherwise, filter not used.

so why inly happned me? beacuse i'm using version 0.7.4.2, version downloaded when apt-get install ettercap on ubuntu. opposed ettercap website, stating "the latest ettercap release is: 0.7.4.1"

a patch solves bug sent ettercap developers.

ubuntu filter man-in-the-middle