LinuxCommandLibrary

ettercap

comprehensive suite for network MITM attacks

TLDR

Start graphical interface

$ ettercap -G
ARP poisoning attack
$ ettercap -T -M arp:remote /[target1]// /[target2]//
Sniff on interface
$ ettercap -T -i [eth0]
Use text interface
$ ettercap -T
Load plugin
$ ettercap -T -P [dns_spoof]
Read from pcap file
$ ettercap -T -r [capture.pcap]

SYNOPSIS

ettercap [options] [target1] [target2]

DESCRIPTION

Ettercap is a comprehensive suite for man-in-the-middle attacks on a LAN. It supports active and passive protocol analysis and includes features for network and host analysis.
The tool can intercept traffic through ARP poisoning, allowing packet sniffing, injection, and filtering. Plugins extend functionality for DNS spoofing, OS fingerprinting, and more.
Ettercap is used for network security testing, protocol analysis, and penetration testing on authorized networks.

PARAMETERS

TARGET
Target specification (MAC/IP/PORT).
-G
Graphical (GTK) interface.
-T
Text-only interface.
-M METHOD
MITM attack method.
-i INTERFACE
Network interface.
-P PLUGIN
Load plugin.
-r FILE
Read from pcap file.
-w FILE
Write to pcap file.
--help
Display help information.

CONFIGURATION

/etc/ettercap/etter.conf
Main configuration file controlling default interface, packet forwarding, plugin paths, and network settings.
/etc/ettercap/etter.dns
DNS spoofing configuration mapping hostnames to IP addresses for the dns_spoof plugin.

CAVEATS

Only use on authorized networks. May disrupt network operations. Detectable by security tools. Some attacks need root privileges.
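On the detection side, ARP poisoning shows up in a poisoned host's neighbour table as two IP addresses (typically the gateway and another host) resolving to one MAC. The script below is an added example, not part of ettercap or of this page's source; the function names, addresses and MACs are constructed, and the input format assumed is that of `ip -4 neigh show`.

```shell
# Added example: report signs of ARP poisoning in neighbour-table lines
# formatted like the output of `ip -4 neigh show`.

# Constructed sample: gateway 192.0.2.1 and host 192.0.2.50 share one MAC,
# which is what a poisoned host's table looks like.
sample_table() {
    cat <<'EOF'
192.0.2.1 dev eth0 lladdr 02:00:00:aa:bb:cc REACHABLE
192.0.2.20 dev eth0 lladdr 02:00:00:11:22:33 STALE
192.0.2.50 dev eth0 lladdr 02:00:00:AA:BB:CC STALE
192.0.2.77 dev eth0 FAILED
EOF
}

# Print "MAC ip1,ip2,..." for every MAC claimed by more than one IP address.
find_shared_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next          # FAILED/INCOMPLETE: no MAC learned
            if (seen[mac, $1]++) next    # skip duplicate lines
            if (mac in ips) ips[mac] = ips[mac] "," $1; else ips[mac] = $1
            count[mac]++
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# Print the MAC currently recorded for IP ($1); empty if none is known.
mac_for_ip() {
    awk -v ip="$1" '
        $1 == ip {
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") print tolower($(i + 1))
        }'
}

# Exit status 0 if IP ($1) no longer maps to the recorded baseline MAC ($2).
gateway_mac_changed() {
    current=$(mac_for_ip "$1")
    [ -n "$current" ] && [ "$current" != "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

sample_table | find_shared_macs
if sample_table | gateway_mac_changed 192.0.2.1 02:00:00:de:ad:01; then
    echo "ALERT: gateway 192.0.2.1 is not at its baseline MAC"
fi
```

On a live host, pipe `ip -4 neigh show` into the functions instead of `sample_table`. Shared MACs also occur legitimately (proxy ARP, routers with several addresses), so a hit is a lead to verify against a known-good baseline.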

HISTORY

Ettercap was created by Alberto Ornaghi and Marco Valleri, released as open source for network security research. It became a standard tool for man-in-the-middle attack demonstrations.
