Ettercap (software)

Quality 0.50 · 2 views · Updated 2 months ago

Network traffic analysis and interception software

title: "Ettercap (software)" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["network-analyzers", "unix-network-related-software", "packet-analyzer-software-that-uses-gtk", "linux-network-related-software"] description: "Network traffic analysis and interception software" topic_path: "technology/operating-systems" source: "https://en.wikipedia.org/wiki/Ettercap_(software)" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary Network traffic analysis and interception software ::

::data[format=table title="Infobox software"]

FieldValue
nameEttercap
screenshotEttercap.png
authorEttercap Dev. Team, ALoR, NaGA
releasedJanuary 25, 2001
latest release version
latest release date
latest preview version
latest preview date
programming languageC
operating systemCross-platform
languageEnglish
genreComputer security
licenseGNU General Public License
website
::

| name = Ettercap | logo = | screenshot = Ettercap.png | caption = | author = Ettercap Dev. Team, ALoR, NaGA | developer = | released = January 25, 2001 | latest release version = | latest release date = | latest preview version = | latest preview date = | programming language = C | operating system = Cross-platform | platform = | language = English | genre = Computer security | license = GNU General Public License | website =

Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Its original developers later founded Hacking Team.

Functionality

Ettercap works by putting the network interface into promiscuous mode and by ARP poisoning the target machines. Thereby it can act as a 'man in the middle' and unleash various attacks on the victims. Ettercap has plugin support so that the features can be extended by adding new plugins.

Features

Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis. Ettercap offers four modes of operation:

  • IP-based: packets are filtered based on IP source and destination.
  • MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
  • ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
  • PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).

In addition, the software also offers the following features:

  • Character injection into an established connection: characters can be injected into a server (emulating commands) or to a client (emulating replies) while maintaining a live connection.
  • SSH1 support: the sniffing of a username and password, and even the data of an SSH1 connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.
  • HTTPS support: the sniffing of HTTP SSL secured data—even when the connection is made through a proxy.
  • Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it.
  • Plug-in support: creation of custom plugins using Ettercap's API.
  • Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, MSN, YMSG
  • Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet.
  • TCP/IP stack fingerprinting: determine the OS of the victim host and its network adapter.
  • Kill a connection: killing connections of choice from the connections-list.
  • Passive scanning of the LAN: retrieval of information about hosts on the LAN, their open ports, the version numbers of available services, the type of the host (gateway, router or simple PC) and estimated distances in number of hops.
  • Hijacking of DNS requests.

Ettercap also has the ability to actively or passively find other poisoners on the LAN.

References

References

  1. (2004-11-09). "The men behind ettercapNG".
  2. Jeffries, Adrianne. (2013-09-13). "Meet Hacking Team, the company that helps the police hack you".

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::

network-analyzersunix-network-related-softwarepacket-analyzer-software-that-uses-gtklinux-network-related-software