Ettercap – comprehensive suite for man in the middle attacks

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.

It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.

Ettercap NG uses the unified sniffing method which is the base for all the attacks.

Data injection in an established connection and filtering (substitute or drop a packet) on the fly is also possible, keeping the connection synchronized.

Many sniffing modes were implemented to give you a powerful and complete sniffing suite. It’s possible to sniff in four modes: IP Based, MAC Based, ARP Based (full-duplex) and PublicARP Based (half-duplex).

It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Features include:

  • IP-based: packets are filtered based on IP source and destination.
  • MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
  • ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
  • PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).

The software also offers the following features:

  • Character injection into an established connection: characters can be injected into a server
    (emulating commands) or to a client (emulating replies) while maintaining a live connection.
  • SSH1 support: the sniffing of a username and password, and even the data of an SSH1 connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.
  • HTTPS support: the sniffing of HTTP SSL secured data–even when the connection is made through a proxy.
  • Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it.
  • Plug-in support: creation of custom plugins using Ettercap’s API.
  • Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG.
  • Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet.
  • OS fingerprinting: determine the OS of the victim host and its network adapter.
  • Kill a connection: killing connections of choice from the connections-list.
  • Passive scanning of the LAN: retrieval of information about hosts on the LAN, their open ports, the version numbers of available services, the type of the host (gateway, router or simple PC) and estimated distances in number of hops.
  • Hijacking of DNS(Domain Name System) requests.
  • Ettercap also has the ability to actively or passively find other poisoners on the LAN.

Website: www.ettercap-project.org
Support: GitHub Code Repository
Developer: Alberto Ornaghi and Marco Valleri
License: GNU GPL v2

Ettercap is written in C. Learn C with our recommended free books and free tutorials.

Return to Network Analyzers Home Page | Return to Passive OS Fingerprinting Tools Home Page


Popular series
Guide to LinuxNew to Linux? Read our Linux for Starters series. We start right at the basics and teach you everything you need to know to get started with Linux.
Free and Open Source SoftwareThe largest compilation of the best free and open source software in the universe. Each article is supplied with a legendary ratings chart helping you to make informed decisions.
ReviewsHundreds of in-depth reviews offering our unbiased and expert opinion on software. We offer helpful and impartial information.
Alternatives to Proprietary SoftwareReplace proprietary software with open source alternatives: Google, Microsoft, Apple, Adobe, IBM, Autodesk, Oracle, Atlassian, Corel, Cisco, Intuit, and SAS.
Linux Around The WorldLinux Around The World showcases events and usergroups that are relevant to Linux enthusiasts.
AudioSurveys popular streaming services from a Linux perspective: Amazon Music Unlimited, Myuzi, Spotify, Deezer, Tidal.
Saving Money with LinuxSaving Money with Linux looks at how you can reduce your energy bills running Linux.
System ToolsEssential Linux system tools focuses on small, indispensable utilities, useful for system administrators as well as regular users.
ProductivityLinux utilities to maximise your productivity. Small, indispensable tools, useful for anyone running a Linux machine.
Home ComputersHome computers became commonplace in the 1980s. Emulate home computers including the Commodore 64, Amiga, Atari ST, ZX81, Amstrad CPC, and ZX Spectrum.
Now and ThenNow and Then examines how promising open source software fared over the years. It can be a bumpy ride.
Linux at HomeLinux at Home looks at a range of home activities where Linux can play its part, making the most of our time at home, keeping active and engaged.
Linux CandyLinux Candy reveals the lighter side of Linux. Have some fun and escape from the daily drudgery.
DockerGetting Started with Docker helps you master Docker, a set of platform as a service products that delivers software in packages called containers.
Android AppsBest Free Android Apps. We showcase free Android apps that are definitely worth downloading. There's a strict eligibility criteria for inclusion in this series.
Programming BooksThese best free books accelerate your learning of every programming language. Learn a new language today!
Programming TutorialsThese free tutorials offer the perfect tonic to our free programming books series.
Stars and StripesStars and Stripes is an occasional series looking at the impact of Linux in the USA.
Share this article

Share your Thoughts

This site uses Akismet to reduce spam. Learn how your comment data is processed.