Ettercap stands for Ethernet Capture.
Ettercap is a comprehensive suite for man-in-the-middle attacks.
It features sniffing of live connections, content filtering on the
fly and many other interesting tricks. It supports active and passive
dissection of many protocols and includes many features for network and
host analysis.
Download and Install
Download and install the Ettercap package from
Ettercap.
You can also install from the mirror as follows:
# apt-get install ettercap-gtk ettercap-common
This article explains how to perform DNS spoofing and ARP poisoning using the Ettercap tool in a Local Area Network (LAN).
Warning: Do not execute this on a network or system
that you do not own. Execute this only on your own network or system, for
learning purposes only. Also, do not execute this on any production
network or system. Set up a small network/system for testing and
experiment with this utility on it for learning purposes only.
Ettercap Basics
First, let’s learn some basics about Ettercap. Ettercap has the following 4 types of user interface:
- Text Only – ‘-T’ option
- Curses – ‘-C’ option
- GTK – ‘-G’ option
- Daemon – ‘-D’ option
In this article, we will mainly focus on the “Graphical GTK User Interface”, since it will be very easy to learn.
Launching an ARP Poisoning Attack
We have already explained why ARP is needed, along with the concept of ARP cache poisoning, in
ARP-Cache-Poisoning. Please read that first; this article covers how to perform it in practice.
The following diagram explains the network architecture. All the
attacks explained here will be performed only on the network shown in
that diagram. Using Ettercap in a production environment is not
advisable.