This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: ETTER.CONF(5) ETTER.CONF(5) NAME etter.conf- Ettercap configuration file DESCRIPTION etter.conf is the configuration file that determines ettercap behaviour. It is always loaded at startup and it configures some attributes used at runtime. The file contains entries of the form: [section] entry = value ... Each entry defines a variable that can be customized. Every value MUST be an integer. Sections are used only to group together some variables. NOTE: if you omit a variable in the conf file, it will be initialized with the value 0. It is strongly discour- aged to not initialize critical variables such as "arp_poison_delay" or "connection_timeout". The following is a list of available variables: [privs] ec_uid This variable specifies the UID to which privileges are dropped at startup. After the socket at link layer has been opened the privileges are dropped to a specific uid different from root for security reasons. etter.conf is the only file that is read with root privs. Be sure that the specified uid has enough privs to read other files (etter.*) You can bypass this variable by setting the environment variable EC_UID. [mitm] arp_storm_delay The value represents the milliseconds to wait between two consecutive packets during the initial ARP scan. You can increment this value to be less aggressive at startup. The randomized scan plus a high delay can fool some types of ARP scan detectors. arp_poison_warm_up When the poisoning process starts, the inter-packet delay is low for the first 5 poi- sons (to be sure the poisoning process has been successful). After the first 5 poi- sons, the delay is incremented (to keep up the poisoning). This variable controls the delay for the first 5 poisons. The value is in seconds. The same delay is used when the victims are restored to the original associations (RE-ARPing) when ettercap is closed. arp_poison_delay This variable controls the poisoning delay after the first 5 poisons. The value is expressed in seconds. You can increase this value (to try to fool the IDS) up to the timeout of the ARP cache (which depends on the poisoned operating system). arp_poison_icmp Enable the sending of a spoofed ICMP message to force the targets to make an arp request. This will create an arp entry in the host cache, so ettercap will be able to win the race condition and poison the target. Useful against targets that don’t accept gratuitous arp if the entry is not in the cache....
View Full Document
This note was uploaded on 07/15/2009 for the course NA MAT taught by Professor 100 during the Spring '09 term at University of Illinois at Urbana–Champaign.
- Spring '09