Ettercap is a comprehensive suite for man-in-the-middle attacks on LANs. It features sniffing of live connections, content filtering on the fly, and many other interesting capabilities. Supporting both active and passive dissection of numerous protocols, Ettercap is essential for security professionals testing network resilience against MITM attacks and analyzing network traffic.
Key Features
- ARP Poisoning – Redirect traffic through your machine
- Protocol Dissection – Analyze HTTP, FTP, SSH, and more
- Content Filtering – Modify data in transit
- Password Collection – Extract credentials from network traffic
- Plugin System – Extend functionality with plugins
- Multiple Interfaces – Text, ncurses, and GTK GUI modes
Installation
# Debian/Ubuntu
sudo apt install ettercap-graphical
# RHEL/CentOS/Fedora
sudo dnf install ettercap
# Arch Linux
sudo pacman -S ettercap
# Kali Linux (pre-installed)
ettercap --help
Common Usage Examples
# Text mode ARP poisoning
sudo ettercap -T -M arp:remote /target1// /target2//
# GUI mode
sudo ettercap -G
# Sniff on interface
sudo ettercap -T -i eth0
# Use specific plugin
sudo ettercap -T -M arp -P autoadd /192.168.1.1// ///
# Log output to file
sudo ettercap -T -w output.pcap -M arp /target//
Security Testing
Ettercap includes filters for modifying packets and plugins for DNS spoofing, OS fingerprinting, and SSL stripping. Use only on networks you own or have explicit authorization to test.
Use Cases
Ettercap is used for security audits, demonstrating MITM vulnerabilities, network forensics, protocol analysis, and teaching network security concepts.
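For the forensics and audit side, ARP poisoning of the kind `-M arp` performs leaves a recognizable trace in captured traffic: an IP address whose claimed MAC changes, and one MAC claiming several IPs. The following is an added example, not part of the original article or of Ettercap; the function names, addresses, and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = frame[22:28].hex(":")
    ip = ".".join(str(b) for b in frame[28:32])
    return op, mac, ip

def find_poisoning(frames):
    """Flag IPs whose claimed MAC changes and MACs that claim several IPs."""
    ip_to_macs, mac_to_ips = defaultdict(list), defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":  # ARP probe, carries no binding
            continue
        if mac not in ip_to_macs[ip]:
            ip_to_macs[ip].append(mac)
        mac_to_ips[mac].add(ip)
    changed = {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1}
    shared = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return changed, shared

def make_arp(op, smac, sip, tmac, tip):
    """Build one constructed ARP frame for the sample data below."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    header = m(tmac) + m(smac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return header + m(smac) + i(sip) + m(tmac) + i(tip)

# Constructed sample: gateway and host announce themselves, then a third MAC
# sends replies claiming both of their IPs.
GW, HOST, ROGUE = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:99"
SAMPLE = [
    make_arp(2, GW, "192.168.1.1", HOST, "192.168.1.10"),
    make_arp(2, HOST, "192.168.1.10", GW, "192.168.1.1"),
    make_arp(2, ROGUE, "192.168.1.1", HOST, "192.168.1.10"),
    make_arp(2, ROGUE, "192.168.1.10", GW, "192.168.1.1"),
]

if __name__ == "__main__":
    changed, shared = find_poisoning(SAMPLE)
    print("IP bindings that changed:", changed)
    print("MACs claiming several IPs:", shared)
```

A MAC answering for several IPs can be legitimate (proxy ARP, multi-homed hosts), so treat the second result as a lead to verify against known device inventory rather than as proof.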