I am trying to do a sniffing attack and I want to save a .pcap file with the result of the analysis. I use this command:
bettercap --interface eth0 -X --proxy --sniffer-output /root/Escritorio/file.pcap
But when I open the file, it's empty.
Why it is this happening? How can I solve it?
Is it possible that your ethernet port isn't yielding anything? Try it with another interface e.g. wlan0 to see if that yields anything.
A suggestion: I think you're using the legacy version of bettercap. There's a new version (https://www.bettercap.org/) that takes less space, is more reliable, and faster - according to the website. If you got bettercap by typing "apt-get", that's going to download the old version.
With latest version of bettercap run the following to log to a file with -no-colors e.g.:
bettercap -no-colors -eval "events.stream off; set events.stream.output ~/bettercap-events.log; events.stream on"
Or one can just run the eval commands in the console if it's already running. According to this issue post one needs to restart the events.stream to get logging to a file to work.
