/usr/share/ettercap/etter.filter is in ettercap-common 1:0.8.2-2build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | ############################################################################
# #
# ettercap -- etter.filter -- filter source file #
# #
# Copyright (C) ALoR & NaGA #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
############################################################################
##
#
# This filter will substitute the word 'ethercap' with 'ettercap' and
# will log the content of the packet in /tmp/mispelled_ettercap.log
# It is only a dummy example.
##
if (ip.proto == TCP && search(DATA.data, "ethercap") ) {
log(DATA.data, "/tmp/mispelled_ettercap.log");
replace("ethercap", "ettercap");
msg("Correctly substituted and logged.\n");
}
|