From 4683917219b42afa46e704d21dea661696e8a956 Mon Sep 17 00:00:00 2001
From: Mariusz Mazur
Date: Wed, 24 Apr 2002 18:58:54 +0000
Subject: [PATCH] - updated to 0.6.5

Changed files:
ettercap-kernel_version.patch -> 1.5
ettercap-ncurses.patch -> 1.5
---
 ettercap-kernel_version.patch | 7 -
 ettercap-ncurses.patch | 1346 +--------------------------------
 2 files changed, 29 insertions(+), 1324 deletions(-)

diff --git a/ettercap-kernel_version.patch b/ettercap-kernel_version.patch
index ee2cec9..65a859d 100644
--- a/ettercap-kernel_version.patch
+++ b/ettercap-kernel_version.patch
@@ -14,10 +14,3 @@ diff -uNr ettercap-0.6.3.1.orig/aclocal.m4 ettercap-0.6.3.1/aclocal.m4
 AC_MSG_RESULT($uname)
 if test "$major$minor" -lt 20; then
 AC_MSG_WARN(*******************************);
-@@ -327,4 +327,4 @@
- ]
- )
-
--])
-\ No newline at end of file
-+])
diff --git a/ettercap-ncurses.patch b/ettercap-ncurses.patch
index fc29013..f60ff3a 100644
--- a/ettercap-ncurses.patch
+++ b/ettercap-ncurses.patch
@@ -1,1323 +1,35 @@ -diff -uNr ettercap-0.6.4.orig/configure.in ettercap-0.6.4/configure.in ---- ettercap-0.6.4.orig/configure.in Mon Feb 11 22:28:37 2002 -+++ ettercap-0.6.4/configure.in Sat Feb 16 16:50:12 2002 -@@ -401,14 +401,14 @@ - ncurses_warn=0 - curses_warn=0 +--- configure.in~ Wed Apr 24 17:39:41 2002 ++++ configure.in Wed Apr 24 18:08:37 2002 +@@ -445,7 +445,7 @@ + ncurses_warn=0 + curses_warn=0 -- AC_CHECK_HEADERS(ncurses.h,,ncurses_warn=1) -+ AC_CHECK_HEADERS(ncurses/ncurses.h,,ncurses_warn=1) - AC_CHECK_LIB(ncurses,newpad,,ncurses_warn=1) +- AC_CHECK_HEADERS(ncurses.h,,ncurses_warn=1) ++ AC_CHECK_HEADERS(ncurses/ncurses.h,,ncurses_warn=1) - if test $ncurses_warn -ne 1; then - AC_DEFINE(HAVE_NCURSES,1) - ac_cv_ec_ncurses=yes - else -- AC_CHECK_HEADERS(curses.h,,curses_warn=1) -+ AC_CHECK_HEADERS(ncurses/curses.h,,curses_warn=1) - AC_CHECK_LIB(curses,newpad,,curses_warn=1) - AC_CHECK_LIB(curses,mvwgetnstr,,curses_warn=1) + if test $ncurses_warn -ne 1; then + AC_CHECK_LIB(ncurses,newpad,,ncurses_warn=2) +@@ -454,7 +454,7 @@ + ac_cv_ec_ncurses=yes + fi + else +- AC_CHECK_HEADERS(curses.h,,curses_warn=1) ++ AC_CHECK_HEADERS(ncurses/curses.h,,curses_warn=1) -@@ -426,7 +426,7 @@ - form_warn=0 - - if test "$ncurses_warn$curses_warn" = "00"; then -- AC_CHECK_HEADERS(form.h,,form_warn=1) -+ AC_CHECK_HEADERS(ncurses/form.h,,form_warn=1) - AC_CHECK_LIB(form,form_win,,form_warn=1) - - if test $form_warn -ne 1; then -@@ -458,12 +458,12 @@ - ac_cv_ec_debug=yes - ;; - no) AC_MSG_RESULT(no.) -- CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" -+ CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall" - ac_cv_ec_debug=no - ;; + if test $curses_warn -ne 1; then + AC_CHECK_LIB(curses,newpad,,curses_warn=2) +@@ -575,12 +575,12 @@ + ac_cv_ec_debug=yes + ;; + no) AC_MSG_RESULT(no.) +- E_CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" ++ E_CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall" + ac_cv_ec_debug=no + ;; esac ], - AC_MSG_RESULT(no. 
disabled by default.) -- CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" -+ CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall" - ac_cv_ec_debug=no + AC_MSG_RESULT(no. disabled by default.) +- E_CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" ++ E_CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall" + ac_cv_ec_debug=no ) AC_SUBST(DEBUG) -diff -uNr ettercap-0.6.4.orig/configure.in.orig ettercap-0.6.4/configure.in.orig ---- ettercap-0.6.4.orig/configure.in.orig Thu Jan 1 01:00:00 1970 -+++ ettercap-0.6.4/configure.in.orig Mon Feb 11 22:28:37 2002 -@@ -0,0 +1,675 @@ -+dnl -+dnl ettercap -- configure script -+dnl -+dnl Copyright (C) 2001 ALoR , NaGA -+dnl -+dnl This program is free software; you can redistribute it and/or modify -+dnl it under the terms of the GNU General Public License as published by -+dnl the Free Software Foundation; either version 2 of the License, or -+dnl (at your option) any later version. -+dnl -+dnl This program is distributed in the hope that it will be useful, -+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of -+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+dnl GNU General Public License for more details. -+dnl -+dnl You should have received a copy of the GNU General Public License -+dnl along with this program; if not, write to the Free Software -+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
-+dnl -+dnl $Id$ -+dnl -+ -+AC_INIT(src/ec_main.c) -+AC_CONFIG_HEADER(config.h) -+ -+SB=`./shtool echo -n -e %B` -+EB=`./shtool echo -n -e %b` -+ -+AC_SUBST(SB) -+AC_SUBST(EB) -+ -+VERSION=`grep VERSION ./src/include/ec_main.h | cut -f2 -d"\""` -+AC_SUBST(VERSION) -+ -+PROG=`grep PROGRAM ./src/include/ec_main.h | cut -f2 -d"\""` -+AC_SUBST(PROG) -+ -+EC_MESSAGE(Configuring $PROG-$VERSION) -+ -+SERIAL=`date +%Y%m%d` -+AC_SUBST(SERIAL) -+ -+RELEASE=1 -+AC_SUBST(RELEASE) -+ -+SOURCES=`ls ./src/ec_*.c | awk ' { printf "%s ", $1 } '` -+AC_SUBST(SOURCES) -+ -+ -+dnl ========================================= -+dnl Enable Developmen feature or portings -+dnl ========================================= -+ -+AC_ARG_ENABLE(devel, [ --enable-devel enable the undeveloped (alpha) features.], -+[ case "$enableval" in -+ yes) -+ development=1 -+ ;; -+ no) -+ development=0 -+ ;; -+esac ], -+ development=0 -+) -+ -+dnl ================ -+dnl Check the OS -+dnl ================ -+ -+AC_CANONICAL_SYSTEM -+case "$target_os" in -+*linux*) -+ EC_LINUX_KERNEL() -+ OS=LINUX -+ OS_OPT= -+ ;; -+*freebsd*) -+ EC_FREEBSD_VERSION() -+ OS=FREEBSD -+ OS_OPT= -+ ;; -+*netbsd*) -+ OS=NETBSD -+ OS_OPT= -+ ;; -+*openbsd*) -+ OS=OPENBSD -+ OS_OPT= -+ ;; -+*darwin*) -+ EC_DARWIN_KERNEL() -+ OS=MACOSX -+ OS_OPT= -+ STRIPOPTION="-x" -+ ;; -+*cygwin*) -+ if test $development -ne 1; then -+ echo -+ echo "CYGWIN PORTING IS IN PROGRESS..." -+ echo "STAY TUNED FOR THE NEXT RELEASE" -+ echo -+ echo "you can try to compile and run it" -+ echo "by configuring with the --enable-devel flag" -+ echo "TRY AT YOUR OWN RISK" -+ echo -+ exit -+ fi -+ OS=CYGWIN -+ OS_OPT= -+ ;; -+*solaris*) -+ if test $development -ne 1; then -+ echo -+ echo "WE ARE VERY VERY SORRY, BUT STILL NO SOLARIS PORT" -+ echo "WE ARE WORKING ON IT..." 
-+ echo "IF YOU WANT TO CONTRIBUTE WITH PORTING:" -+ echo "run ./configure --enable-devel " -+ echo "and report bugs" -+ echo -+ exit -+ fi -+ OS=SOLARIS -+ OS_OPT= -+ ;; -+*) -+ echo -+ echo "NOT A SUPPORTED SYSTEM / OR SYSTEM NOT RECOGNIZED" -+ echo -+ cat PORTINGS -+ echo -+ exit -+ ;; -+esac -+ -+AC_SUBST(OS) -+AC_SUBST(OS_OPT) -+AC_SUBST(STRIPOPTION) -+ -+dnl ====================== -+dnl Initialize prefix. -+dnl ====================== -+ -+AC_PREFIX_DEFAULT(/usr/local) -+ -+if test "$prefix" = "NONE"; then -+ prefix="/usr/local" -+fi -+ -+ -+dnl ======================== -+dnl Check the C compiler -+dnl ======================== -+ -+AC_PROG_CC -+AC_PROG_INSTALL -+AC_PROG_MAKE_SET -+AC_PROG_GCC_TRADITIONAL -+ -+dnl ====================== -+dnl Machine Endianness -+dnl ====================== -+ -+AC_C_BIGENDIAN -+ -+dnl ====================== -+dnl OS specific checks -+dnl ====================== -+ -+ -+if test "$OS" = "LINUX"; then -+ -+ dnl =========================== -+ dnl Check for Socket Packet -+ dnl =========================== -+ -+ EC_PF_PACKET() -+ EC_SOCK_PACKET() -+ -+ if test "$ac_cv_ec_nopf" = 1 && test "$ac_cv_ec_nosock" = 1; then -+ AC_MSG_WARN(*************************************); -+ AC_MSG_WARN(* You can't create Socket Packet !! *); -+ AC_MSG_WARN(*************************************); -+ exit; -+ fi -+ -+ dnl =========================================== -+ dnl Check for /proc/sys/net/ipv4/ip_forward -+ dnl =========================================== -+ -+ AC_PATH_PROGS(IPFORWARD,ip_forward,no,/proc/sys/net/ipv4) -+ if test "$IPFORWARD" = no; then -+ AC_MSG_WARN(*****************************************************************) -+ AC_MSG_WARN(* /proc/sys/net/ipv4/ip_forward not found !! 
*) -+ AC_MSG_WARN(* please disable manually ip_forwarding before running ettercap *) -+ AC_MSG_WARN(*****************************************************************) -+ else -+ AC_DEFINE(HAVE_PROC_FORWARDING) -+ fi -+ -+fi -+ -+ -+ -+if test "$OS" = "FREEBSD" -o "$OS" = "OPENBSD" -o "$OS" = "NETBSD" -o "$OS" = "MACOSX"; then -+ -+ AC_MSG_CHECKING(link-layer packet interface) -+ -+ if test -r /dev/bpf0 ; then -+ AC_MSG_RESULT(found bpf) -+ elif test -c /dev/bpf0 ; then -+ AC_MSG_RESULT(found bpf) -+ else -+ AC_MSG_WARN(*********************************************************); -+ AC_MSG_WARN(* /dev/bpf0 not found !! please reconfigure your kernel *); -+ AC_MSG_WARN(*********************************************************); -+ exit; -+ fi -+ -+fi -+ -+ -+ -+if test "$OS" = "SOLARIS"; then -+ -+ AC_CHECK_HEADERS(sys/bufmod.h sys/dlpi_ext.h) -+ AC_MSG_CHECKING(for /dev/dlpi device) -+ if test -c /dev/dlpi; then -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(HAVE_DEV_DLPI) -+ else -+ AC_MSG_RESULT(no) -+ dir="/dev/dlpi" -+ AC_MSG_CHECKING(for $dir directory) -+ if test -d $dir ; then -+ AC_MSG_RESULT(yes) -+ AC_DEFINE_UNQUOTED(DLPI_DEV_PREFIX, "$dir") -+ else -+ AC_MSG_RESULT(no) -+ fi -+ fi -+ -+fi -+ -+if test "$OS" = "CYGWIN"; then -+ -+ AC_MSG_CHECKING(for WinPcap developer's pack) -+ AC_ARG_WITH(wpdpack, -+ [ --with-wpdpack=DIR use WinPcap developer's pack in DIR], -+ [ AC_MSG_RESULT($withval) -+ if test -f $withval/include/packet32.h -a -f $withval/lib/packet.a; then -+ COPTS="$COPTS -I$withval/include" -+ LIBS="$LIBS -L$withval/lib -lpacket -lws2_32" -+ else -+ AC_MSG_ERROR(packet32.h or packet.a not found in $withval) -+ fi ], -+ [ for dir in ${prefix} ${HOME}/WPdpack ; do -+ if test -f ${dir}/include/packet32.h -a -f ${dir}/lib/packet.a; then -+ COPTS="$COPTS -I${dir}/include" -+ LIBS="$LIBS -L${dir}/lib -lpacket -lws2_32" -+ have_pcap=yes -+ break; -+ fi -+ done -+ if test "$have_pcap" != yes; then -+ AC_MSG_ERROR(WinPcap developer's pack not found) -+ fi -+ 
AC_MSG_RESULT(yes) ]) -+ -+fi -+ -+dnl =========================== -+dnl Check for programs path -+dnl =========================== -+ -+AC_PATH_PROG(WGET_PATH, "wget") -+ if test -n "$WGET_PATH"; then -+ AC_DEFINE_UNQUOTED(WGET_PATH, "$WGET_PATH") -+ else -+ AC_DEFINE_UNQUOTED(WGET_PATH, "") -+ fi -+ -+ -+dnl ===================== -+dnl Check for headers -+dnl ===================== -+ -+AC_HEADER_STDC -+AC_HEADER_DIRENT -+AC_HEADER_TIME -+AC_CHECK_HEADERS(getopt.h) -+AC_CHECK_HEADERS(fcntl.h termios.h ctype.h) -+AC_CHECK_HEADERS(sys/time.h sys/utsname.h) -+AC_CHECK_HEADERS(ifaddrs.h) -+ -+dnl These are required !! -+AC_CHECK_HEADERS(unistd.h stdlib.h signal.h stdarg.h sys/ioctl.h,, -+ AC_MSG_WARN(**************************************************); -+ AC_MSG_WARN(* REQUIRED !! I cant believe U don't have this !!*); -+ AC_MSG_WARN(**************************************************); -+ exit) -+ -+AC_CHECK_HEADERS(dirent.h errno.h,, -+ AC_MSG_WARN(***************); -+ AC_MSG_WARN(* REQUIRED !! *); -+ AC_MSG_WARN(***************); -+ exit) -+ -+AC_CHECK_HEADERS(net/ethernet.h net/if_arp.h net/if.h) -+AC_CHECK_HEADERS(netinet/ip.h netinet/ip_icmp.h netinet/tcp.h) -+AC_CHECK_HEADERS(sys/sockio.h) -+ -+ -+dnl ================================================================== -+dnl Checks for typedefs, structures, and compiler characteristics. 
-+dnl ================================================================== -+ -+AC_STRUCT_TM -+EC_SOCKLEN_CHECK -+AC_TYPE_PID_T -+AC_TYPE_SIZE_T -+AC_C_CONST -+AC_LBL_SOCKADDR_SA_LEN -+AC_LBL_UNALIGNED_ACCESS -+ -+dnl ===================== -+dnl Check for libs -+dnl ===================== -+ -+AC_FUNC_MALLOC -+AC_FUNC_MEMCMP -+AC_TYPE_SIGNAL -+AC_FUNC_VPRINTF -+EC_PTHREAD_CHECK() -+AC_SEARCH_LIBS(log,c m) -+AC_SEARCH_LIBS(pow,c m) -+AC_SEARCH_LIBS(gethostbyname,c nsl,,AC_MSG_ERROR(libnsl not found.)) -+AC_SEARCH_LIBS(socket,c socket,,AC_MSG_ERROR(libsocket not found.)) -+AC_SEARCH_LIBS(dn_expand,c resolv,,) -+AC_CHECK_FUNCS(getifaddrs) -+AC_CHECK_FUNCS(gettimeofday) -+AC_CHECK_FUNCS(vsnprintf) -+AC_CHECK_FUNCS(select strdup strerror strstr strsignal) -+AC_CHECK_FUNCS(uname) -+ -+ -+dnl =============================== -+dnl Check for non standard libs -+dnl =============================== -+ -+MISSING="" -+MISSLIBS="" -+ -+AC_CHECK_FUNCS(getopt_long,,MISSING="$MISSING ./src/missing/getopt.c ./src/missing/getopt1.c" -+ MISSLIBS="$MISSLIBS ./src/missing/getopt.o ./src/missing/getopt1.o") -+AC_CHECK_FUNCS(strlcat,,MISSING="$MISSING ./src/missing/strlcat.c" -+ MISSLIBS="$MISSLIBS ./src/missing/strlcat.o") -+AC_CHECK_FUNCS(strlcpy,,MISSING="$MISSING ./src/missing/strlcpy.c" -+ MISSLIBS="$MISSLIBS ./src/missing/strlcpy.o") -+AC_CHECK_FUNCS(strsep,,MISSING="$MISSING ./src/missing/strsep.c" -+ MISSLIBS="$MISSLIBS ./src/missing/strsep.o") -+AC_CHECK_FUNCS(memmem,,MISSING="$MISSING ./src/missing/memmem.c" -+ MISSLIBS="$MISSLIBS ./src/missing/memmem.o") -+AC_CHECK_FUNCS(inet_aton,,MISSING="$MISSING ./src/missing/inet_aton.c" -+ MISSLIBS="$MISSLIBS ./src/missing/inet_aton.o") -+AC_CHECK_FUNCS(scandir,,MISSING="$MISSING ./src/missing/scandir.c" -+ MISSLIBS="$MISSLIBS ./src/missing/scandir.o") -+ -+AC_SUBST(MISSING) -+AC_SUBST(MISSLIBS) -+ -+ -+dnl ======================================= -+dnl Check user defined --enable-FEATURE -+dnl ======================================= -+ 
-+EC_MESSAGE(Checking user defined options) -+ -+dnl ----------------------- -+dnl -- NCURSES INTERFACE -- -+dnl ----------------------- -+ -+check_ncurses=0 -+AC_MSG_CHECKING([if --enable-ncurses option is specified]) -+AC_ARG_ENABLE(ncurses, [ --enable-ncurses enable the ncurses interface.], -+[ case "$enableval" in -+ yes) -+ AC_MSG_RESULT(yes.) -+ check_ncurses=1 -+ ;; -+ no) AC_MSG_RESULT(no.) -+ ;; -+esac ], -+ AC_MSG_RESULT(yes. enabled by default.) -+ check_ncurses=1 -+) -+ -+ac_cv_ec_ncurses=no -+ac_cv_ec_form=no -+ -+if test $check_ncurses -ne 0; then -+ ncurses_warn=0 -+ curses_warn=0 -+ -+ AC_CHECK_HEADERS(ncurses.h,,ncurses_warn=1) -+ AC_CHECK_LIB(ncurses,newpad,,ncurses_warn=1) -+ -+ if test $ncurses_warn -ne 1; then -+ AC_DEFINE(HAVE_NCURSES,1) -+ ac_cv_ec_ncurses=yes -+ else -+ AC_CHECK_HEADERS(curses.h,,curses_warn=1) -+ AC_CHECK_LIB(curses,newpad,,curses_warn=1) -+ AC_CHECK_LIB(curses,mvwgetnstr,,curses_warn=1) -+ -+ if test $curses_warn -ne 1; then -+ AC_DEFINE(HAVE_NCURSES,1) -+ ac_cv_ec_ncurses=yes -+ else -+ AC_MSG_WARN(***********************************************) -+ AC_MSG_WARN(* NCURSES are NOT available in your system !! *) -+ AC_MSG_WARN(* Interactive mode will not be supported! *) -+ AC_MSG_WARN(***********************************************) -+ fi -+ fi -+ -+ form_warn=0 -+ -+ if test "$ncurses_warn$curses_warn" = "00"; then -+ AC_CHECK_HEADERS(form.h,,form_warn=1) -+ AC_CHECK_LIB(form,form_win,,form_warn=1) -+ -+ if test $form_warn -ne 1; then -+ AC_DEFINE(HAVE_FORM,1) -+ ac_cv_ec_form=yes -+ else -+ AC_MSG_WARN(**********************************************) -+ AC_MSG_WARN(* FORM are NOT available in your system !! *) -+ AC_MSG_WARN(* some interface will be less pleasureful... 
*) -+ AC_MSG_WARN(**********************************************) -+ fi -+ fi -+fi -+ -+ -+ -+ -+dnl ----------- -+dnl -- DEBUG -- -+dnl ----------- -+ -+AC_MSG_CHECKING([if --enable-debug option is specified]) -+AC_ARG_ENABLE(debug, [ --enable-debug create a file for debugging messages.], -+[ case "$enableval" in -+ yes) -+ DEBUG="-DDEBUG" -+ CFLAGS="-g -ggdb -Wmissing-prototypes -Werror -Wall" -+ AC_MSG_RESULT(yes) -+ ac_cv_ec_debug=yes -+ ;; -+ no) AC_MSG_RESULT(no.) -+ CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" -+ ac_cv_ec_debug=no -+ ;; -+esac ], -+ AC_MSG_RESULT(no. disabled by default.) -+ CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" -+ ac_cv_ec_debug=no -+) -+AC_SUBST(DEBUG) -+ -+dnl ------------- -+dnl -- PLUGINS -- -+dnl ------------- -+ -+check_plugins=0 -+AC_MSG_CHECKING([if --enable-plugins option is specified]) -+AC_ARG_ENABLE(plugins, [ --enable-plugins enable the use of plugins in ettercap.], -+[ case "$enableval" in -+ yes) -+ AC_MSG_RESULT(yes.) -+ check_plugins=1 -+ ;; -+ no) AC_MSG_RESULT(no.) -+ ac_cv_ec_plugin=no -+ ;; -+esac ], -+ AC_MSG_RESULT(yes. enabled by default.) -+ check_plugins=1 -+) -+ -+ -+if test $check_plugins -ne 0; then -+ plugins_warn=0 -+ AC_CHECK_HEADERS(dlfcn.h,,plugins_warn=1) -+ AC_SEARCH_LIBS(dlopen, dl c,,plugins_warn=1) -+ -+ if test $plugins_warn -ne 1; then -+ AC_DEFINE(PERMIT_PLUGINS,1) -+ ac_cv_ec_plugin=yes -+ AC_MSG_CHECKING([for gcc option to produce PIC]) -+ if test "$OS" = "MACOSX"; then -+ PICFLAG="-bundle -undefined $ac_cv_ec_undefined -bundle_loader ../../ettercap" -+ elif test "$OS" = "SOLARIS"; then -+ PICFLAG="-fPIC -DPIC -shared" -+ elif test "$OS" = "CYGWIN"; then -+ PICFLAG="-DPIC -shared" -+ else -+ LIBS="$LIBS -rdynamic" -+ PICFLAG="-fPIC -DPIC -shared" -+ fi -+ AC_MSG_RESULT($PICFLAG) -+ AC_SUBST(PICFLAG) -+ else -+ AC_MSG_WARN(***********************************************) -+ AC_MSG_WARN(* Plugins are NOT supported by your system !! 
*) -+ if test "$OS" = "MACOSX"; then -+ AC_MSG_WARN(* *) -+ AC_MSG_WARN(* You have to install the dlcompat library... *) -+ fi -+ AC_MSG_WARN(***********************************************) -+ ac_cv_ec_plugin=no -+ fi -+fi -+ -+ -+dnl --------- -+dnl -- SSH -- -+dnl --------- -+ -+check_ssh=0 -+AC_ARG_WITH(openssl, [ --with-openssl=DIR use OpenSSL in DIR], -+[ case "$withval" in -+ no) -+ AC_MSG_CHECKING(for OpenSSL) -+ AC_MSG_RESULT(no) -+ ac_cv_ec_ssh=no -+ ;; -+ *) -+ AC_MSG_CHECKING(for OpenSSL in $withval) -+ check_ssh=1 -+ ssl_path=$withval -+ ;; -+ esac ], -+ [ AC_MSG_CHECKING(for OpenSSL in ${prefix}) -+ check_ssh=1 -+ ssl_path=${prefix} -+ ] -+) -+ -+ -+if test $check_ssh -ne 0; then -+ -+ if test -f $ssl_path/include/openssl/ssl.h; then -+ COPTS="$COPTS -I$ssl_path/include" -+ LIBS="$LIBS -L$ssl_path/lib -lssl -lcrypto" -+ AC_DEFINE(HAVE_OPENSSL,1) -+ ac_cv_ec_ssh=yes -+ AC_MSG_RESULT(yes) -+ elif test -f $ssl_path/ssl/include/openssl/ssl.h; then -+ COPTS="$COPTS -I$ssl_path/ssl/include" -+ LIBS="$LIBS -L$ssl_path/ssl/lib -lssl -lcrypto" -+ AC_DEFINE(HAVE_OPENSSL,1) -+ ac_cv_ec_ssh=yes -+ AC_MSG_RESULT(yes) -+ elif test -f /usr/include/openssl/ssl.h; then -+ LIBS="$LIBS -lssl -lcrypto" -+ AC_DEFINE(HAVE_OPENSSL,1) -+ ac_cv_ec_ssh=yes -+ AC_MSG_RESULT(yes) -+ else -+ AC_MSG_RESULT(no) -+ ac_cv_ec_ssh=no -+ AC_MSG_WARN(**********************************************) -+ AC_MSG_WARN(* OpenSSL is NOT installed in your system !! *) -+ AC_MSG_WARN(* SSH support will NOT be available... 
*) -+ AC_MSG_WARN(**********************************************) -+ fi -+ -+ AC_PATH_PROG(OPENSSL_PATH, "openssl",, "$PATH:/usr/local/ssl/bin") -+ if test -n "$OPENSSL_PATH"; then -+ AC_DEFINE_UNQUOTED(OPENSSL_PATH, "$OPENSSL_PATH") -+ else -+ AC_DEFINE_UNQUOTED(OPENSSL_PATH, "") -+ fi -+ -+fi -+ -+ -+dnl ----------- -+dnl -- HTTTS -- -+dnl ----------- -+ -+AC_MSG_CHECKING([if --enable-https option is specified]) -+AC_ARG_ENABLE(https, [ --enable-https permit https dissection (invasive).], -+[ case "$enableval" in -+ yes) -+ if test "$OS" = "MACOSX" -o "$OS" = "SOLARIS" -o "$OS" = "CYGWIN"; then -+ AC_MSG_RESULT(NOT available on this OS) -+ ac_cv_ec_https=no -+ else -+ AC_DEFINE(PERMIT_HTTPS,1) -+ AC_MSG_RESULT(yes) -+ ac_cv_ec_https=yes -+ fi -+ ;; -+ no) AC_MSG_RESULT(no) -+ ac_cv_ec_https=no -+ ;; -+ esac ], -+ if test "$OS" = "MACOSX" -o "$OS" = "SOLARIS" -o "$OS" = "CYGWIN"; then -+ AC_MSG_RESULT(NOT available on this OS) -+ ac_cv_ec_https=no -+ elif test "$OS" = "OPENBSD" -o "$OS" = "FREEBSD" -o "$OS" = "NETBSD"; then -+ AC_MSG_RESULT(no.) -+ ac_cv_ec_https=no -+ AC_MSG_WARN(***************************************************) -+ AC_MSG_WARN(* HTTPS dissection in in ALPHA state under BSD... *) -+ AC_MSG_WARN(* I discourage you to enable it. *) -+ AC_MSG_WARN(* But if you want use at your own risk *) -+ AC_MSG_WARN(***************************************************) -+ else -+ AC_MSG_RESULT(yes. enabled by default.) -+ AC_DEFINE(PERMIT_HTTPS,1) -+ ac_cv_ec_https=yes -+ fi -+ -+) -+ -+ -+dnl =============== -+dnl FINISHED !! 
-+dnl =============== -+ -+AC_SUBST(COPTS) -+ -+EC_MESSAGE(Writing output files) -+ -+PLUGINS=`ls ./plugins | grep -v -E "Make|CVS" | awk ' { printf "%s ", $1 } '` -+AC_SUBST(PLUGINS) -+ -+makeplug=`ls ./plugins | grep -v -E "Make|CVS" | awk '{ printf("plugins/%s/Makefile ", $1) }'` -+ -+AC_OUTPUT(ettercap.spec ettercap.8 Makefile $makeplug plugins/Makefile) -+ -+ -+dnl =============== -+dnl THE SUMMARY -+dnl =============== -+ -+ -+EC_MESSAGE(Ettercap has been configured as follow) -+ -+echo "==================================================" -+echo -+ EC_CHECK_OPTION(" Install directory: ",${prefix}) -+echo -+echo -+ EC_CHECK_OPTION(" DEBUG mode ....... ",${ac_cv_ec_debug}) -+ EC_CHECK_OPTION(" NCURSES support .. ",${ac_cv_ec_ncurses}) -+ EC_CHECK_OPTION(" FORM support ..... ",${ac_cv_ec_form}) -+ EC_CHECK_OPTION(" PLUGIN support ... ",${ac_cv_ec_plugin}) -+ EC_CHECK_OPTION(" SSH support ...... ",${ac_cv_ec_ssh}) -+ EC_CHECK_OPTION(" HTTPS support .... ",${ac_cv_ec_https}) -+echo -+echo "==================================================" -+echo -+echo -+echo For a list of all possible make processes, type \`${SB}make help${EB}\` -+echo -+echo -+ -+ -+ -+EC_CHECK_DATE() -+ -diff -uNr ettercap-0.6.4.orig/ettercap.8 ettercap-0.6.4/ettercap.8 ---- ettercap-0.6.4.orig/ettercap.8 Thu Jan 1 01:00:00 1970 -+++ ettercap-0.6.4/ettercap.8 Sat Feb 16 16:50:12 2002 -@@ -0,0 +1,552 @@ -+.\" ettercap -- a ncurses-based sniffer/interceptor utility for switched LAN -+.\" -+.\" Copyright (C) 2001 ALoR , NaGA -+.\" -+.\" This program is free software; you can redistribute it and/or modify -+.\" it under the terms of the GNU General Public License as published by -+.\" the Free Software Foundation; either version 2 of the License, or -+.\" (at your option) any later version. -+.\" -+.\" This program is distributed in the hope that it will be useful, -+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the -+.\" GNU General Public License for more details. -+.\" -+.\" You should have received a copy of the GNU General Public License -+.\" along with this program; if not, write to the Free Software -+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+.de Sp -+.if n .sp -+.if t .sp 0.4 -+.. -+.TH ETTERCAP "8" "20010906" "ettercap 0.5.4" -+.SH NAME -+.B ettercap 0.5.4 \- A multipurpose sniffer over switched LANs -+ -+.SH SYNOPSIS -+.B ettercap -+[\fIOPTIONS\fR] [\fIHOST:PORT\fR] [\fIHOST:PORT\fR] [\fIMAC\fR] [\fIMAC\fR] -+ -+.SH DESCRIPTION -+Ettercap was born as a sniffer for switched LAN (and obviously even "hubbed" one), -+but during the development process it has gained more and more feature that have -+changed it to a powerful and flexible tool for man-in-the-middle attacks. -+It supports active and passive dissection of many protocols (even ciphered ones) -+and includes many feature for network and host analysis (such as OS fingerprint). -+.PP -+It has five sniffing methods: -+.br -++ IPBASED, the packets are filtered matching IP:PORT source and IP:PORT dest -+.br -++ MACBASED, packets filtered matching the source and dest MAC address. (useful -+to sniff connections through gateway) -+.br -++ ARPBASED, uses arp poisoning to sniff in switched LAN between two hosts -+(full-duplex m-i-t-m). -+.br -++ SMARTARP, uses arp poisoning to sniff in switched LAN from a victim host to all other -+hosts knowing the entire list of the hosts (full-duplex m-i-t-m). -+.br -++ PUBLICARP, uses arp poison to sniff in switched LAN from a victim host to all other -+hosts (half-duplex). -+.br -+With this method the ARP replies are sent in broadcast, but if ettercap has the complete -+host list (on start up it has scanned the LAN) SMARTARP method is automatically selected, -+and the arp replies are sent to all the hosts but the victim, avoiding conflicting MAC -+addresses as reported by win2K. 
-+.PP -+The most relevant ettercap features are: -+.PP -+.B Characters injection in an established connection : -+you can inject character to server (emulating commands) or to client (emulating replies) -+maintaining the connection alive !! -+.PP -+.B SSH1 support : -+you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the -+first software capable to sniff an SSH connection in FULL-DUPLEX -+.PP -+.B HTTPS support : -+you can sniff http SSL secured data... and even if the connection is made through a PROXY -+.PP -+.B Plug-ins support : -+You can create your own plugin using the ettercap's API. -+.PP -+.B Password collector for : -+TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, -+SOCKS 5, IMAP 4, VNC (other protocols coming soon...) -+.PP -+.B Packet filtering/dropping: -+You can set up a filter chain that search for a particular string (even hex) in the TCP -+or UDP payload and replace it with yours or drop the entire packet. -+.PP -+.B OS fingerprint: -+you can fingerprint the OS of the victim host and even its network adapter (it uses the -+nmap (c) Fyodor database) -+.PP -+.B Kill a connection: -+from the connections list you can kill all the connections you want -+.PP -+.B Packet factory: -+You can create and sent packet forged on the fly. The factory let you to forge from Ethernet -+header to application level. -+ -+.PP -+.SH OPTIONS -+Options that make sense together can generally be combined. ettercap will warn the user -+about unsupported option combinations. -+.TP -+.B SNIFFING METHODS -+.TP -+\fB\-a\fR, \fB\-\-arpsniff\fR -+ARP BASED sniffing -+.br -+This is THE sniffing method for switched LAN, and if you want to use the man-in-the-middle -+technique you have to use it. In conjunction with the silent mode (-z option) you must -+specify two IP and two MAC for ARPBASED (full-duplex) or one IP and one MAC for PUBLICARP -+(half-duplex). 
in PUBLICARP the ARP replies are sent in broadcast, but if ettercap has -+the complete host list (on start up it has scanned the LAN) SMARTARP method is automatically -+selected, and the arp replies are sent to all the hosts but the victim, and an hash table -+is created to re-route back the packet form victim to client obtaining in this way a full-duplex -+man in the middle attack. -+.br -+Filters that have as action a replacement or a drop, can be used only with ARPBASED -+sniffing because it is necessary to re-adjust the sequence number in full-duplex in order -+to maintain the connection alive. -+.TP -+\fB\-s\fR, \fB\-\-sniff\fR -+IP BASED sniffing -+.br -+This is the good old style sniffing method. It rocks on "hubbed" LAN, but useless on switched -+ones. You can choose the target specifying only source, only dest, with or without port, or -+nothing (to sniff all connections). A special ip "ANY" means from or to every host. -+.TP -+\fB\-m\fR, \fB\-\-macsniff\fR -+MAC BASED sniffing (you must select two host for this) -+.br -+Very useful to sniff TCP traffic with remote hosts. On hubbed LANs if you want to sniff a -+connection through a gateway is useless to specify the victim's ip and the gateway's ip, -+because the packet are for an external host, not for the gateway. So you can use this method. -+Simply specify the victim's MAC and the gateway's MAC and you will see all the connections -+from and to the Internet. -+ -+ -+.TP -+.B GENERAL OPTIONS -+.TP -+\fB\-N\fR, \fB\-\-simple\fR -+NON interactive mode (without ncurses) -+.br -+This method is useful if you want to launch ettercap from a script or if you already -+know some informations of your target or if you want to launch ettercap in background -+collecting data or password for you (in combination with the --quiet option). -+.br -+Some features are not available in this method, obviously the ones which requires -+interaction with the user, such as characters injection. 
But others (for example filtering) -+are fully supported, so you can set up ettercap to poison two host (a victim and its gateway) -+and to filter all its connection on the port 80 and replace some string with others, -+all its traffic to the Internet will be changed as you wish. -+.TP -+\fB\-z\fR, \fB\-\-silent\fR -+start in silent mode (no arp storm on start up) -+.br -+If you want to launch ettercap with a non invasive method (some NIDS may raise a warn -+if they detects too much arp request). You have to know all the requested data of the -+target in order to use this options. For example if you want to poison two host, you need -+the two IP and the two MAC addresses of the victims. -+If you select ipsniff or macsniff this method is automatically selected, because you don't -+need to know the list of the host in the LAN. -+.br -+To know the entire list of the hosts use "ettercap -Nl", but remember that it is a invasive -+method. -+.TP -+\fB\-b\fR, \fB\-\-broadping\fR -+use a broadcast ping instead of arp storm on start up. -+.br -+this method is less intrusive, but even less accurate. some hosts will not respond at the -+broadcast ping (es. Windows) so they remain invisible to this method. Useful if you want to -+scan a LAN with Linux hosts. As usual you can combine this option with --list to have a -+list of the hosts "ettercap -Nlb" -+.TP -+\fB\-D\fR, \fB\-\-delay \fR -+the delay in seconds between the arp replies if you have selected an ARP poison sniffing -+method. This is useful if you want to be less aggressive in the poisoning. On many OS the -+default validity interval of the arp cache is more than a minute (on FreeBSD is 1200 sec). -+.br -+The default delay value is 30 sec. -+.TP -+\fB\-Z\fR, \fB\-\-stormdelay \fR -+the delay in micro-seconds between the arp request on arp storm at start up. -+This is useful if you want to be less aggressive in the scanning. 
Many IDS will report -+massive arp request, but if you send them in a slower rate, they will not report any strange -+behavior. -+.br -+The default delay value is 1500 usec. -+.TP -+\fB\-S\fR, \fB\-\-spoof \fR -+If you want to elude some IDS, you can specify a spoofed IP used to scan the LAN with -+arp request. The source MAC can't be spoofed because a well configured switch will block -+your request. -+.TP -+\fB\-H\fR, \fB\-\-hosts \fR -+on start up, scan only these hosts. -+.br -+this is useful if you want to use an ARP scanning of the LAN but only on certain IPs. -+so you can benefit from a ARP scan but remaining less invasive. -+Useful even if you want to do PUBLIC ARP but you want to poison only specific hosts. -+since with a list PUBLIC ARP is automatically converted to SMARTARP, only these host -+will be poisoned and you can leave untouched the arp caches of the other hosts. -+.br -+the IP list must be in dotted notation and separated by comma (without black spaces -+between them), you can use wildcards. -+.br -+eg: 192.168.0.2? --> from 20 to 29 -+.br -+ 192.168.0.1* --> host 1, from 10 to 19 and from 100 to 199 -+.TP -+\fB\-d\fR, \fB\-\-dontresolve\fR -+don't resolve IPs on start up. this is useful if you experience an insane "Resolving -+n hostnames..." message on start up. This is due to a very slow DNS in your environment. -+.TP -+\fB\-i\fR, \fB\-\-iface \fR -+network interface to be used for all the operation. you can even specify network aliases -+in order to scan a subnet with different ip form your current one. -+.TP -+\fB\-n\fR, \fB\-\-netmask \fR -+the netmask used to scan the LAN. (in dotted notation). the default is your current -+ifconfig netmask. but your netmask is for example 255.255.0.0 I encourage you to specify -+a more restrictive one, if you managed to do an ARP scanning on start up. 
-+.TP -+\fB\-e\fR, \fB\-\-etterconf \fR -+use the config file instead of command line options -+.br -+etter.conf example file is packaged in the tarball, refer to it to know how to write a -+config file. all the instruction are written in this example. via the conf file you -+can disable selectively one protocol dissector or move it on one other port. -+.br -+command line options and config file can be mixed for much flexibility, but remember -+that the options in the config file override the command line, so if in etter.conf -+you have specified IFACE: eth0, and you launch "ettercap -i eth1 -e etter.conf" -+the selected iface will be eth0. -+.br -+NOTE: the "-e etter.conf" options has to be specified after all other options. -+.TP -+\fB\-v\fR, \fB\-\-version\fR -+check for the latest ettercap version. -+.br -+All operation are under your control. Every step requires a user confirmation. -+With this option ettercap will connect to the http://ettercap.sourceforge.net:80 web -+side and ask for the page /latest.php. then the result are parsed and compared with -+your current version. If there is a newer version available, ettercap will ask you if -+you want to wget it. (wget must be in the path). -+.br -+If you want to automatically answer yes at all the question add the option -y -+.TP -+\fB\-h\fR, \fB\-\-help\fR -+prints the help screen with a short summary of the available options. -+ -+ -+ -+.TP -+.B SILENT MODE OPTIONS (only combined with -N) -+.TP -+\fB\-u\fR, \fB\-\-udp\fR -+sniff only UDP packets (default is TCP). -+This option is only useful in "simple" mode, if you start ettercap in interactive mode -+both TCP and UDP are sniffed. -+.TP -+\fB\-R\fR, \fB\-\-reverse\fR -+sniff all the connection but the selected one. This option is useful if you are using -+ettercap on a remote machine and you want to sniff all the traffic but you connection from -+local to remote, because including it will sniff even the ettercap output and it will be -+screwed up... 
-+.TP
-+\fB\-p\fR, \fB\-\-plugin \fR
-+run the plugin "NAME".
-+.br
-+most plugins need a destination host. simply specify it after plugin name, in fact
-+hosts are parsed on command line as first the DEST and so the SOURCE.
-+.br
-+To have a list of the available plugins use "list" (without quotes) as plugin name.
-+.br
-+More detailed info about plugins and about how to write your own are found in the
-+README.PLUGINS file.
-+.Sp
-+Currently these plugins are shipped with the official distro:
-+.Sp
-+ arpcop -- Report suspicious ARP replies (developed by acelent)
-+.br
-+ banshee -- They kill without discretion...
-+.br
-+ dummy -- Dummy plugin. It does nothing ! (only a template)
-+.br
-+ golem -- nice D.O.S. BE CAREFUL !!
-+.br
-+ leech -- Isolate a host from the LAN
-+.br
-+ lurker -- try to search for other ettercap
-+.br
-+ imp -- Retrieves some Windows names
-+.br
-+ ooze -- Ping a host
-+.br
-+ phantom -- Sniff/Spoof DNS requests
-+.br
-+ shadow -- A very simple SYN/TCP port scanner
-+.br
-+ spectre -- flood a switched LAN with random MAC addresses
-+.br
-+ triton -- Try to discover the LAN's gateway
-+.TP
-+\fB\-l\fR, \fB\-\-list\fR
-+lists all the hosts in the LAN, reporting each MAC address.
-+.br
-+Commonly combined options are -b (for broadcast ping) and -d (don't resolve hostname).
-+.TP
-+\fB\-C\fR, \fB\-\-collect\fR
-+collect all users and password from the hosts specified on command line.
-+.br
-+Password collector are configured in the config file (etter.conf), if you want
-+you can disable them selectively or move them on other port. This is useful if you
-+don't want to sniff SSH connection (the key change alert will raise suspects) but
-+want to sniff all other supported protocols. Or even if you know that a host has the
-+telnet service on port 4567, simply move the telnet dissector on 4567/tcp
-+.TP
-+\fB\-f\fR, \fB\-\-fingerprint \fR
-+do OS fingerprinting on HOST.
-+.br
-+This option uses the same database and the same method used by
-+.I nmap (c) Fyodor
-+so I report a piece of its man page :
-+.Sp
-+This option activates remote host identification via TCP/IP fingerprinting. In other
-+words, it uses a bunch of techniques to detect subtleties in the underlying operating
-+system network stack of the computers you are scanning. It uses this information to
-+create a 'fingerprint' which it compares with its database of known OS fingerprints
-+(the nmap-os-fingerprints file) to decide what type of system you are scanning.
-+.Sp
-+the -f options even provides you the vendor of the network adapter of the scanned host.
-+the info are stored in the mac-fingerprints database.
-+.TP
-+\fB\-x\fR, \fB\-\-hexview\fR
-+to dump data in hex mode.
-+.br
-+TIP: while sniffing you can change the visualization mode by hitting 'a' for ascii or 'x' for hex.
-+on line help is recalled by 'h'.
-+.TP
-+\fB\-L\fR, \fB\-\-logtofile\fR
-+if used alone logs all data to specific file(s). it crates a separate file for each connection
-+in the form "YYYYMMDD-P-IP:PORT-IP:PORT.log"
-+.br
-+if used with -C (collector) it creates a file with all the password sniffed in the session in
-+the form "YYYYMMDD-collected-pass.log"
-+.TP
-+\fB\-q\fR, \fB\-\-quiet\fR
-+"demonize" ettercap.
-+.br
-+useful if you want to log all data in background. this options will detach
-+ettercap from the current tty and set it as a demon collecting data to files. it must be
-+combined with -NL (or -NLC) otherwise it has no effects. Obviously the sniffing method
-+is required, so you have to combine it with this option.
-+.TP
-+\fB\-k\fR, \fB\-\-newcert\fR
-+create a new cert file for HTTPS man-in-the-middle.
-+.br
-+useful if you want to create a certfile with social engineered information...
-+.br
-+the new file is created in the current working directory.
to permanently substitute the
-+default cert file (etter.sll.crt) you have to overwrite /usr/share/ettercap/etter.ssl.crt
-+.TP
-+\fB\-F\fR, \fB\-\-filter \fR
-+load the filters chains from FILENAME
-+.br
-+the Filtering chains file is written in pseudo XML format. You can write by hand this
-+file or (better) use the ncurses interface to let ettercap create it (press 'F' in the
-+connection list interface). If you are skilled in XML parsing, you can write your own
-+program to make a filter chain file.
-+.Sp
-+the rules are simple:
-+.Sp
-+If the proto AND the source port AND the dest port AND the payload
-+match the rules, after the filter as done its action , it jumps in the chain
-+to the filter id specified in the field, else it jumps to .
-+If these field are left blank the chain is interrupted. Source and dest port equal to
-+0 (zero) means ANY port. You can use wildcards in the search string (see README for detail)
-+.Sp
-+NOTE: with this options filter are enabled by default, if you want to
-+disable them on the fly, press "S" (for source) or "D" (for dest) while sniffing
-+.Sp
-+NOTE: on command line the hosts are parsed as "ettercap -F etter.filter DEST SOURCE", so
-+the first host is bound to the dest chain and the second to the source chain.
-+.Sp
-+VERY IMPORTANT: the source chain is applied to data COMING FROM source and NOT GOING TO
-+source. keep this in mind !! the same is for dest...
-+.TP
-+\fB\-c\fR, \fB\-\-check\fR
-+check if you were poisoned by other poisoners in the LAN
-+.TP
-+\fB\-t\fR, \fB\-\-linktype\fR
-+check if you are on a switched LAN or not... Sometimes this discovery method can fail.
-+don't trust it at 100%
-+
-+
-+.SH TARGET SPECIFICATION
-+The targets are parsed on command line in reverse order. The first host is the DEST and the
-+second is the SOURCE.
this doesn't care if you are sniffing in ip based mode, because
-+source and dest are ignored, but if you are filtering the connection this is crucial for
-+the binding of the related filter chain.
-+.br
-+The reverse order is due to a more intuitive interface for plugins. because some plugins
-+need the dest host to be specified, it is simpler to type:
-+"ettercap -Np ooze victim" than "ettercap -Np ooze NOONE victim".
-+.br
-+The targets can be specified in dotted notation (192.168.0.1) or with their symbolic name
-+(victim.mynet.org). Only within the -H (--hosts) option you can use wildcards.
-+
-+
-+.SH INTERACTIVE MODE
-+The interactive mode (ncurses mode) is automatically selected if ettercap is launched
-+without the option -N . Explain what you can do with it will take pages and pages... and I'm
-+not a good writer... so if you don't know what can you do in some circumstances, simply
-+press 'H' and a help screen will popup. there you can find a detailed list of all available
-+commands.
-+
-+
-+.SH EXAMPLES
-+Here are some examples of using ettercap.
-+.TP
-+.B ettercap -b
-+.Sp
-+On startup use broadcast ping to scan the LAN instead of ARP request all the
-+subnet IPs.
-+.TP
-+.B ettercap -H "192.168.0.?,192.168.0.3?,192.168.0.2*"
-+.Sp
-+On startup scan only the host 192.168.0.1-9, 192.168.0.30-39, 192.168.0.2,
-+192.168.0.20-29 and 192.168.0.200-255.
-+if the PUBLICARP method will be selected only these host will be poisoned.
-+.TP
-+.B ettercap -s 192.168.0.1 192.168.0.2
-+.Sp
-+Enter the interactive mode and sniff only the connections between 192.168.0.1 and 192.168.0.2
-+.TP
-+.B ettercap -Nzs -F etter.filter 192.168.0.1 192.168.0.2
-+.Sp
-+Load filter from etter.filter and activate them on all the connection between 192.168.0.1
-+and 192.168.0.2 . Only Log action will be supported because it is a -s (ipsniffing) method.
-+192.168.0.1 is bound to the dest chain and 192.168.0.2 to the source one.
-+To enable even the replacement and drop actions you have to launch "ettercap -Nza -F
-+etter.filter IP IP MAC MAC"
-+.TP
-+.B ettercap -zs -e etter.conf
-+.Sp
-+Use the ip based sniffing mode and load the other option from the config file (etter.conf).
-+Note that options in the file override command line.
-+.TP
-+.B ettercap -Nzs victim.my.net ANY:80
-+.Sp
-+Sniffs in console mode (non interactive) only the connection to and from "victim.my.net"
-+starting or ending to all other hosts but on port 80 (www). data are dumped in ASCII
-+mode. to dump in HEX mode add the -x option.
-+.TP
-+.B ettercap -NRzs remote.host.net:23 my.local.host.com
-+.Sp
-+Useful to sniffs in console mode (non interactive) all the connection on a remote LAN
-+on which you are executing ettercap. this example will prevent to show your telnet (:23)
-+connection from "my.local.host.com" to "remote.host.net".
-+.TP
-+.B ettercap -Nclt
-+.Sp
-+This will provide you the entire list of hosts in the LAN. Will check if someone is
-+poisoning you and will report its IP. Will tell you if you are on a switched LAN or not.
-+.TP
-+.B ettercap -NCLzs --quiet
-+.Sp
-+This will detach ettercap from console and log to a file all the collected password.
-+Only works if the LAN is hubbed, or if collected password are directed to your host.
-+.TP
-+.B ettercap -NCza -D 100 192.168.0.1 192.168.0.2 55:23:A5:B4:C7:89 00:A3:56:FE:4F:6D
-+.Sp
-+Collect password to stdout on a switched LAN. this will poison the two host 192.168.0.1
-+and 192.168.0.2 each other. The delay between arp replies is set to 100 sec.
-+.TP
-+.B ettercap -Np triton
-+.Sp
-+Launch the plugin "triton" that will try to passively search for the LAN gateway.
-+.TP
-+.B ettercap -Np ooze victim.mynet.org
-+.Sp
-+Launch the plugin "ooze" that will portscan the host "victim.mynet.org" that will be translated
-+with the right IP
-+
-+.SH PLATFORMS
-+Linux 2.0.x 2.2.x 2.4.x
-+.br
-+FreeBSD 4.x
-+.br
-+OpenBSD 2.[789]
-+.br
-+NetBSD 1.5
-+.br
-+Mac OS X (darwin 1.3)
-+
-+
-+.SH FILES
-+/usr/share/ettercap/etter.conf - the config file
-+.br
-+/usr/share/ettercap/etter.filter - the filter chains
-+.br
-+/usr/share/ettercap/etter.ssl.crt - the SSL certificate for HTTPS m-i-t-m
-+.br
-+/usr/share/ettercap/mac-fingerprints - the network adapter vendor database
-+.br
-+/usr/share/ettercap/nmap-os-fingerprints - the nmap (c) Fyodor os fingerprint
-+.br
-+/usr/doc/ettercap-0.5.4/* - the DOCUMENTATION
-+
-+
-+.SH AUTHORS
-+Alberto Ornaghi (ALoR)
-+.br
-+Marco Valleri (NaGA)
-+
-+
-+.SH AVAILABILITY
-+http://ettercap.sourceforge.net/download/
-+.Sp
-+Or if you want to do an automatic check of the latest version try "ettercap -vy"
-+
-+
-+.SH BUGS
-+Our software never has bugs.
-+.br
-+It just develops random features. ;)
-+.PP
-+.B KNOWN-BUGS
-+.PP
-+- It is better that you don't launch ettercap on a host that is a gateway
-+because it needs to disable ip_forwarding, it may cause problem with routing.
-+.PP
-+- You cannot use plugins on yourself. outgoing link layer packets are not
-+captured by the same socket, so they will be ignored.
-+.PP
-+- While poisoning on a switched LAN, ettercap won't sniff the traffic made
-+by your host to others. the technical reason is: otherwise ettercap will
-+forward your packets two time (and this is not good...) the artistic
-+reason is: why sniffing yourself with a man-in-the-middle method ? use
-+simple sniffing instead ! ;)
-+.PP
-+- While sniffing in Public ARP mode, ettercap can "view" only one way of
-+the connection, so some protocol dissectors can fail...
-+.PP
-+- under X11 resizing the xterm can give a corrupted visualization of the
-+interface. SIGWINCH is *partially* supported.
-+.PP
-+- ettercap doesn't handle fragmented packets... only the first segment
-+will be displayed by the sniffer. However all the fragments are correctly
-+forwarded.
-+.PP
-++ please send bug-report, patches or suggestions to
-+or visit http://ettercap.sourceforge.net/forum/ and post it in the BUGS section.
-+.PP
-++ to report a bug, recompile ettercap with 'configure --enable-debug'
-+and attach ettercap_debug.log to the mail in which U explain the problem.
-diff -uNr ettercap-0.6.4.orig/ettercap.spec ettercap-0.6.4/ettercap.spec
---- ettercap-0.6.4.orig/ettercap.spec Thu Jan 1 01:00:00 1970
-+++ ettercap-0.6.4/ettercap.spec Sat Feb 16 16:50:12 2002
-@@ -0,0 +1,40 @@
-+%define prefix /usr
-+
-+Summary: ettercap is a ncurses-based sniffer/interceptor utility
-+Name: ettercap
-+Version: 0.5.4
-+Release: 1
-+Serial: 20010906
-+Packager: ALoR
-+Source: http://ettercap.sourceforge.net/download/%{name}-%{version}.tar.gz
-+URL: http://ettercap.sourceforge.net/
-+License: GPL
-+Group: Networking/Utilities
-+Prefix: %{prefix}
-+Buildroot: %{_tmppath}/%{name}-%{version}-root
-+
-+%description
-+ettercap is a multipurpose sniffer/interceptor/logger for switched or "hubbed" LAN.
-+
-+%prep
-+%setup -q
-+
-+%build
-+./configure --prefix=%{prefix} --disable-debug --mandir=%{_mandir}
-+make
-+make plug-ins
-+
-+%install
-+rm -rf $RPM_BUILD_ROOT
-+make install DESTDIR=$RPM_BUILD_ROOT
-+make plug-ins_install DESTDIR=$RPM_BUILD_ROOT
-+
-+%clean
-+rm -rf $RPM_BUILD_ROOT
-+
-+%files
-+%defattr(-,root,root)
-+%{_mandir}/man8/*
-+%doc COPYING README README.PLUGINS HISTORY CHANGELOG AUTHORS TODO THANKS KNOWN-BUGS PORTINGS
-+%{prefix}/bin/*
-+%{prefix}/share/ettercap/*
-- 2.43.0