# ettercap weird experiment

## d2_racing

Hi everyone, I'm testing ettercap dns_spoof feature inside my lab at work.

I use the etter.dns file with FreeBSD 7.1 and I'm testing the result on a Windows XP laptop, a ~amd64 laptop running Gentoo Linux with the 2.6.30-Gentoo-r1 kernel, and a laptop with CentOS 5.x too.

The result is that Windows and my Gentoo laptop are getting hacked with ettercap and the CentOS one isn't?

I'm using the // for the IP address.

So is this kernel related or not?

Any info or explanation about that?

Thanks

----------

## Inodoro_Pereyra

My first thought would be DNS cache on that CentOS laptop.

Are you trying to spoof always the same site? Most probably CentOS has the IP number cached so it won't use DNS at all to establish the connection...

Cheers!

----------

## Suicidal

You could try nscd on your Gentoo box.

I comment out everything but hosts in /etc/nscd.conf so it only caches hosts.

I have had issues with passwd and group on portage installs so I always comment them out.

----------

## d2_racing

Nope, it's not a cache problem. I formatted that laptop and the first time that I used the net, I spoofed all the sites, so for an unknown reason, I cannot corrupt the DNS query.

I don't spoof a specific site, I use this instead:

www.* A 172.31.32.11 

for example.

----------

## d2_racing

I finally got it working; the CentOS had the DNS setting hardcoded inside the network preferences.

So everything is working now.

----------

