Ettercap/ettercap

Fails on WSL2 Kali install

ajmeese7 opened this issue · 3 comments

ajmeese7 commented

Whenever I try this with two known good PCAP files, I get output similar to the following:

$ ettercap -Tqr ./all/ospf.pcapng

ettercap 0.8.3.1 copyright 2001-2020 Ettercap Development Team

Reading from ./all/ospf.pcapng
Libnet failed IPv4 initialization. Don't send IPv4 packets.
Libnet failed IPv6 initialization. Don't send IPv6 packets.
  34 plugins
  42 protocol dissectors
  57 ports monitored
28230 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!

Starting Unified sniffing...


ERROR : 0, Success
[./src/ec_capture.c:capture:91]

 Error while capturing: an interface has a type 249 different from the type of the first interface


Terminating ettercap...
Lua cleanup complete!

Myself and @Txnn3r were able to determine that you must convert the files to .pcap instead of .pcapng via a Wireshark export, this seems like something that's at least worth mentioning here.

Thanks for the project, cheers!

Txnn3r commented

Notes to recreate: Original file was a .pcap. Once a filter was applied and selected packets were saved as a .pcapng, the file would get the following error. You would have to manually resave the new .pcapng file as a .pcap through wireshark > save as > .pcap to get things to work correctly in ettercap.

LocutusOfBorg commented 
ettercap -Tqr ./foo.pcapng 

ettercap 0.8.4-rc copyright 2001-2020 Ettercap Development Team

Reading from ./foo.pcapng
Libnet failed IPv4 initialization. Don't send IPv4 packets.
Libnet failed IPv6 initialization. Don't send IPv6 packets.
This product includes GeoLite2 Data created by MaxMind, available from https://www.maxmind.com/.
  34 plugins
  42 protocol dissectors
  56 ports monitored
28230 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!

Starting Unified sniffing...



Capture file read completely, please exit at your convenience.




User requested a CTRL+C... (deprecated, next time use proper shutdown)

please attach your pcap file

koeppea commented

I guess WSL has a older tcpdump library. Don't know if you can install a newer libpcap package including the -dev variant, purge the installed ettercap package and compile the latest ettercap code from source (GitHub).

AFAIK WSL is using apt with a Ubuntu based repo.