// arsenal·Network AnalysisIntermediateFOSS

Ettercap

Classic LAN man-in-the-middle framework — ARP poisoning, DNS spoofing, filters.

Network Analysis

$ ettercap --help

Ettercap

// what it is

Description

ALoR & NaGA's MITM toolkit. ARP poisoning, DHCP spoofing, port stealing, ICMP redirection, plus a filter language for live packet rewriting. Increasingly superseded by Bettercap but still alive on old engagements.

// use cases

What people use it for

LAN MITM demonstrations
ARP-spoofing demonstrations in labs

// commands

The commands you'll type

Text-mode ARP MITM

$ ettercap -T -M arp:remote /10.0.0.1// /10.0.0.5//

// facts

category: Network Analysis
platforms: LIN · MAC
license: FOSS
difficulty: Intermediate

// links

// related in Network Analysis

Network AnalysisBeginner

Wireshark

The reference open-source network protocol analyzer.

FOSS

LIN·WIN·MAC

open entry →

Network AnalysisIntermediate

tcpdump

The command-line packet sniffer that every Unix-like ships with.

FOSS

LIN·MAC

open entry →

Network AnalysisIntermediate

Bettercap

Modern reincarnation of Ettercap — Go-based, scriptable, Wi-Fi-aware.

FOSS

LIN·MAC

open entry →