Ettercap (software)

Ettercap is a free computer program for man-in- the-middle attacks. It supports sniffing on IP as well as on ARP -based real-time control of connections even in switched networks, content-related filtering and active and passive analysis of individual hosts and entire networks.

Available is Ettercap for Linux, BSD derivatives, Solaris, Mac OS X as well as Windows.

As a user interface are in addition to the simple console operation, the ncurses front-end and also a GTK2 GUI. There is also the possibility to start Ettercap in the so-called Daemonmode, which runs in the background, the program and the desired activities, indicated by shell performs parameter for specialized, time-consuming and user- interaction- independent attacks. This is, for example, automatic logging ( " logging" ) of user names and passwords of the entire network to a central file ( supports, among other HTTP, HTTPS, ICQ, POP3, IMAP, SMB, Q3A, Oracle, MySQL, SMTP).

Although it officially is a security program, it is classified as extremely hazardous in contrast to many other similar programs of many companies. Websense Inc., for example, restricting access to the homepage of Ettercap permanently.

Ettercap can also be very good in conjunction with other sniffers, such as Wireshark, use: Ettercap forwards network traffic (such as ARP spoofing ) to the interface of the attacker, who sniff it with Wireshark and it can forward.