Ettercap is a network security tool that intercepts network traffic. Ettercap can be run on a wide variety of operating systems, including Windows, Linux, Unix, Mac OS X, Solaris, and BSD. It is completely free and open source, and is one of the most used and recommended security programs in the world. Ettercap intercepts network traffic, performs eavesdropping operations, audits a network for security limitations, captures passwords, and can even deny service to a specific user.

How Ettercap Works

Ettercap uses a technique known as “ARP poisoning” or “Address Resolution Protocol poisoning” to associate an attacker’s MAC address with the target’s computer. By doing this, any traffic in the network that was intended to reach the target’s computer is sent to the attacker’s computer instead. The attacker can then choose to forward the traffic to the target’s computer in order to eavesdrop or modify the traffic in order to produce a specific effect. The attacker could also associate a target’s computer with a nonexistent MAC address in order to deny the target traffic that was intended for them.
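The poisoning described above leaves a visible trace on the wire: two different MAC addresses claiming the same IP address. The following added example (not part of Ettercap or of the original article) parses raw Ethernet/ARP frames and flags such conflicts; the function names, addresses and sample frames are constructed for illustration.

```python
import struct

def build_frame(op, sha, spa, tha, tpa):
    """Build constructed Ethernet+ARP bytes for the sample below (never sent anywhere)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = mac(tha) + mac(sha) + struct.pack("!H", 0x0806)   # dst, src, EtherType=ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)        # Ethernet, IPv4, lengths, opcode
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return sender_mac, sender_ip

def detect_poisoning(frames):
    """Flag ARP messages whose sender binding contradicts the first one seen for that IP."""
    baseline, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or truncated
        mac, ip = parsed
        known = baseline.setdefault(ip, mac)  # first binding seen becomes the baseline
        if known != mac:
            alerts.append({"frame": index, "ip": ip, "expected": known, "seen": mac})
    return alerts

# Constructed sample traffic: TEST-NET addresses and locally administered MACs.
GATEWAY, HOST, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:99"
SAMPLE = [
    build_frame(1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),  # request
    build_frame(2, GATEWAY, "192.0.2.1", HOST, "192.0.2.10"),              # genuine reply
    build_frame(2, ROGUE, "192.0.2.1", HOST, "192.0.2.10"),                # conflicting claim
    b"\x00" * 20,                                                         # truncated, ignored
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE):
        print(alert)
```

Because the baseline is simply the first binding observed, legitimate changes such as a DHCP reassignment or a failover pair will also raise an alert and need an allow-list in practice.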

Features

Ettercap has several important features that most network security tools do not provide. For example, Ettercap filters packets based on four different operation modes that include IP-based, MAC-based, ARP-based, and PublicARP-based filters. Ettercap determines a victim’s operating system, hijacks DNS requests, and kills remote connections. Ettercap also detects other ARP poisoners on a network.

Advantages

Ettercap is free and open source, so it can be used for both personal and commercial purposes. It also supports its own plug-ins, allowing additional functions and features to be produced on a daily basis. Ettercap can view secured data, conduct remote operations through a GRE tunnel, and has a built-in password collector.

Disadvantages

Network security tools, especially Ettercap itself, can detect Ettercap on a network. Also, while Ettercap can be used for benevolent purposes to find weaknesses in a network, it can also be used for malicious purposes to attack a computer or node on a network.