Ettercap

Anyone in the information security field is likely to be familiar with a tool called Ettercap. Ettercap is built around ARP poisoning and man-in-the-middle (MitM) functionality; it's very similar to Dsniff, but has much more functionality. Here's the official short description:

“Ettercap is a suite for man in the middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.”

Commands

The older version of the tool was a lot more intuitive in my opinion, but the new version (NG) has a lot more power once you get a handle on the commands. As usual, my whole reason for writing this is so I can use it for a reference.

Sources and Destinations

From the manpage:

TARGET is in the form MAC/IPs/PORTs. If you want you can omit any of its parts and this will represent an ANY in that part. e.g.:

“//80” means ANY mac address, ANY ip and ONLY port 80

“/10.0.0.1/” means ANY mac address, ONLY ip 10.0.0.1 and ANY port
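To check what a TARGET string actually selects before using it, the following added example (not from the original post or from Ettercap's code) parses the three-part MAC/IPs/PORTs form and tests constructed endpoints against it. The function names are hypothetical, and the sketch assumes a single IPv4 address and a single port per part, as in the two examples quoted above.

```python
import ipaddress
import re

ANY = None  # an omitted part of the TARGET means "match anything"
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")

def parse_target(spec):
    """Parse 'MAC/IP/PORT' into (mac, ip, port); empty parts become ANY."""
    parts = spec.split("/")
    if len(parts) != 3:
        raise ValueError(f"expected MAC/IPs/PORTs (two slashes), got {spec!r}")
    mac, ip, port = (p.strip() or ANY for p in parts)
    if mac is not ANY:
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC address: {mac!r}")
        mac = mac.lower()
    if ip is not ANY:
        ip = ipaddress.IPv4Address(ip)  # raises ValueError on a bad address
    if port is not ANY:
        if not port.isdigit() or not 0 < int(port) <= 65535:
            raise ValueError(f"bad port: {port!r}")
        port = int(port)
    return mac, ip, port

def describe(target):
    """Render a parsed target the way the man page words its examples."""
    mac, ip, port = target
    return (f"{'ANY mac address' if mac is ANY else 'ONLY mac ' + mac}, "
            f"{'ANY ip' if ip is ANY else 'ONLY ip ' + str(ip)} and "
            f"{'ANY port' if port is ANY else 'ONLY port ' + str(port)}")

def matches(target, mac, ip, port):
    """True if an endpoint (mac, ip, port) falls inside the parsed target."""
    t_mac, t_ip, t_port = target
    return ((t_mac is ANY or t_mac == mac.lower())
            and (t_ip is ANY or t_ip == ipaddress.IPv4Address(ip))
            and (t_port is ANY or t_port == port))

if __name__ == "__main__":
    # Constructed sample endpoints, not captured traffic.
    endpoints = [("00:11:22:33:44:55", "10.0.0.1", 80),
                 ("66:77:88:99:aa:bb", "10.0.0.2", 443)]
    for spec in ("//80", "/10.0.0.1/", "//"):
        target = parse_target(spec)
        hits = [e for e in endpoints if matches(target, *e)]
        print(f"{spec!r}: {describe(target)} -> {len(hits)} of {len(endpoints)} match")
```

Note that a bare "//" leaves all three parts as ANY, so it selects every endpoint in the sample.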
