This file is indexed.

/etc/ettercap/etter.mdns is in ettercap-common 1:0.8.2-10build4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
############################################################################
#                                                                          #
#  ettercap -- etter.mdns -- host file for mdns_spoof plugin               #
#                                                                          #
#  Copyright (C) ALoR & NaGA                                               #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
############################################################################
#                                                                          #
# Sample hosts file for mdns_spoof plugin                                  #
#                                                                          #
# the format is (for A query):                                             #
#   www.myhostname.com A 168.11.22.33                                      #
#   *.foo.com          A 168.44.55.66                                      #
#                                                                          #
# ... for a AAAA query (same hostname allowed):                            #
#   www.myhostname.com AAAA 2001:db8::1                                    #
#   *.foo.com          AAAA 2001:db8::2                                    #
#                                                                          #
# or for PTR query:                                                        #
#   www.bar.com    PTR 10.0.0.10                                           #
#   www.google.com PTR ::1                                                 #
#                                                                          #
# or for SRV query (either IPv4 or IPv6):                                  #
#    service._tcp|_udp.domain SRV 192.168.1.10:port                        #
#    service._tcp|_udp.domain SRV [2001:db8::3]:port                       #
#                                                                          #
# NOTE: the wildcarded hosts can't be used to poison the PTR requests      #
#       so if you want to reverse poison you have to specify a plain       #
#       host. (look at the www.microsoft.com example)                      #
#                                                                          #
############################################################################

################################
# microsoft sucks ;)
# redirect it to www.linux.org
#

microsoft.com      A   198.182.196.56
*.microsoft.com    A   198.182.196.56
www.microsoft.com  PTR 198.182.196.56      # Wildcards in PTR are not allowed

##########################################
# normally .local is dedicated use for mDNS
# try to redirect the router admin

router.local       A    192.168.0.25
router.local       AAAA 2001:db8::25       # our router supports also IPv6
router.local       PTR  192.168.0.25
router.local       PTR  2001:db8::25


###############################################
# some service discovery examples

xmpp-server._tcp.jabber.org SRV 192.168.1.10:5269     
domain._udp.local SRV [2001:db8:c001:beef::1]:53   



# vim:ts=8:noexpandtab