A multipurpose sniffer/interceptor/logger for switched LAN.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
==== Character injection ==== in an established connection : you can inject character to server (emulating commands) or to client (emulating replies) maintaining the connection alive !!
==== SSH1 support ==== you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable to sniff an SSH connection in FULL-DUPLEX
==== HTTPS support ==== you can sniff http SSL secured data... and even if the connection is made through a PROXY
==== Remote traffic through GRE tunnel ==== you can sniff remote traffic through a GRE tunnel from a remote cisco router and make mitm attack on it
=== Plug-ins support === You can create your own plugin using the ettercap's API.
List of available plugins
=== Password collector === for TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)
=== Packet filtering/dropping === You can set up a filter that search for a particular string (even hex) in the TCP or UDP payload and replace it with yours or drop the entire packet.
=== OS fingerprint === you can fingerprint the OS of the victim host and even its network adapter
==== Kill a connection ==== from the connections list you can kill all the connections you want
Although it is not documented how you can do this from the text mode. Appearently nobody knows how to do this.
==== Passive scanning of the LAN ==== you can retrive infos about: hosts in the lan, open ports, services version, type of the host (gateway, router or simple host) and extimated distance in hop.
==== Check for other ARP poisoners ==== ettercap has the ability to actively or passively find other poisoners on the LAN
==== Bind sniffed data to a local port ==== you can connect to that port with a client and decode unknown portocols or inject data to it (only in arp based mode)
=== Interface === Ettercap NG includes a ncurses, text and GTK+ interface.
Linux 2.4.x FreeBSD 4.x
OpenBSD 2. 3.0
NetBSD 1.5 [[Mac OS X (darwin 1.3 1.4 5.1)
Windows 9x/NT/2000/XP (port in progress)
Recent versions of libpcap and libnet are required now. The interface libraries like ncurses and GTK+ are optional.
If you want SSH1 and/or HTTPS support, ettercap requires OpenSSL libraries.
NG-0.7.3 RELEASED !!