2

I use a Kali Linux VirtualBox VM with its network adapter attached to NAT.

I checked that it is connected to the internet [made a simple apt-get update].

I run this command in a terminal:

for ip in $(seq 1 254); do ping -c 1 192.168.2.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.2.$ip UP" || : ; done

And it returned:

  • 192.168.2.1 [the router]
  • 192.168.2.2 [Android phone or box]
  • 192.168.2.3 [Android phone or box]
  • 192.168.2.6 [Kali VM, I got it from the Win10 host with ipconfig]

I have an Android phone and a TV box on the LAN. I just want to capture the phone traffic to learn the MiTM attack.

So I run:

ettercap -Tqi eth0 -M arp /192.168.2.2// /192.168.2.1-10//

[for now I suppose 192.168.2.2 is the phone] and it returns:

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

Listening on:
  eth0 -> 05:00:15:28:06:D4
      10.0.2.15/255.255.255.0
      fe90::a00:28ff:fe28:6d4/64

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Ettercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0.
Privileges dropped to EUID 65534 EGID 65534...

  33 plugins
  42 protocol dissectors
  57 ports monitored
20388 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!

Scanning for merged targets (10 hosts)...

* |==================================================>| 100.00 %

0 hosts added to the hosts list...

FATAL: ARP poisoning needs a non empty hosts list.

I found here that 'If you run it on an interface that is enabled, but not connected to a network, Ettercap will complain that "ARP poisoning needs a non empty hosts list"'.

How can I check which is the case with the eth0 interface?

Jedi
Kostas Demiris

2 Answers

4

The problem is that you are using the NAT adapter. ARP spoofing relies on the Address Resolution Protocol (ARP), which functions between layers 2 and 3 of the OSI model. Since you are behind a NAT, your Kali machine and the target machines are on two distinct layer 2 subnets, and ARP will not traverse both subnets.

The solution would be to use a bridged adapter instead, so that all machines are on the same subnet.

multithr3at3d
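The mismatch this answer describes is visible in the question's own output: ettercap lists eth0 as 10.0.2.15/255.255.255.0 while the targets are in 192.168.2.x. The following is an added example, not part of the original answer, that performs this on-link check in POSIX shell without sending any traffic; the function names are hypothetical and 192.168.2.50 is a constructed address standing in for one a bridged adapter might receive.

```sh
#!/bin/sh
# Added example: is a target on-link (resolvable by ARP) for a given interface address?
# Pure arithmetic on addresses; nothing is sent on the network.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# on_link IFACE_ADDR NETMASK TARGET
# Succeeds (exit 0) when TARGET is in the same network as IFACE_ADDR.
on_link() {
    ol_addr=$(ip_to_int "$1")
    ol_mask=$(ip_to_int "$2")
    ol_target=$(ip_to_int "$3")
    [ $(( ol_addr & ol_mask )) -eq $(( ol_target & ol_mask )) ]
}

# report IFACE_ADDR NETMASK TARGET...
# Prints one verdict line per target.
report() {
    r_addr=$1; r_mask=$2
    shift 2
    for r_target in "$@"; do
        if on_link "$r_addr" "$r_mask" "$r_target"; then
            echo "$r_target on-link: ARP can resolve it"
        else
            echo "$r_target off-link: reached via a gateway, ARP never sees it"
        fi
    done
}

# eth0 as ettercap reported it under VirtualBox NAT (values from the question).
report 10.0.2.15 255.255.255.0 192.168.2.1 192.168.2.2

# Constructed address in the LAN's range, as a bridged adapter might receive.
report 192.168.2.50 255.255.255.0 192.168.2.1 192.168.2.2
```

The ping sweep in the question still gets replies because ICMP is routed out through the NAT, whereas ARP requests stay on the VM's own 10.0.2.0/24 segment.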
1

After adding the targets, scan for the hosts (Ctrl+S), then see the hosts list. You should see your target's IP. Then select each IP and add them to the respective targets. Then simply start your ARP poisoning.

schroeder