Ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. It has also a GUI (-G).

Usage

Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]

TARGET is in the format MAC/IP/IPv6/PORTs (see the man for further detail)

Sniffing and Attack Options

Option	Description
`-M, --mitm <METHOD:ARGS>`	perform a mitm attack
`-o, --only-mitm`	don’t sniff, only perform the mitm attack
`-b, --broadcast`	sniff packets destined to broadcast
`-B, --bridge <IFACE>`	use bridged sniff (needs 2 ifaces)
`-p, --nopromisc`	do not put the iface in promisc mode
`-S, --nosslmitm`	do not forge SSL certificates
`-u, --unoffensive`	do not forward packets
`-r, --read <file>`	read data from pcapfile
`-f, --pcapfilter <string>`	set the pcap filter
`-R, --reversed`	use reversed TARGET matching
`-t, --proto <proto>`	sniff only this proto (default is all)
`--certificate <file>`	certificate file to use for SSL MiTM
`--private-key <file>`	private key file to use for SSL MiTM

User Interface Type

Option	Description
`-T, --text`	use text only GUI
`-q, --quiet`	do not display packet contents
`-s, --script <CMD>`	issue these commands to the GUI
`-C, --curses`	use curses GUI
`-D, --daemon`	daemonize ettercap (no GUI)
`-G, --gtk`	use GTK+ GUI

Logging Options

Option	Description
`-w, --write <file>`	write sniffed data to pcapfile
`-L, --log <logfile>`	log all the traffic to this
`-l, --log-info <logfile>`	log only passive infos to this
`-m, --log-msg <logfile>`	log all the messages to this
`-c, --compress`	use gzip compression on log files

Visualization Options

Option	Description
`-d, --dns`	resolves ip addresses into hostnames
`-V, --visual <format>`	set the visualization format
`-e, --regex <regex>`	visualize only packets matching this regex
`-E, --ext-headers`	print extended header for every pck
`-Q, --superquiet`	do not display user and password

General Options

Option	Description
`-i, --iface <iface>`	use this network interface
`-I, --liface`	show all the network interfaces
`-Y, --secondary <ifaces>`	list of secondary network interfaces
`-n, --netmask <netmask>`	force this on iface
`-A, --address <address>`	force this local on iface
`-P, --plugin <plugin>`	launch this - multiple occurrence allowed
`--plugin-list <plugin1>,[<plugin2>,...]`	comma-separated list of plugins
`-F, --filter <file>`	load the filter (content filter)
`-z, --silent`	do not perform the initial ARP scan
`-6, --ip6scan`	send ICMPv6 probes to discover IPv6 nodes on the link
`-j, --load-hosts <file>`	load the hosts list from
`-k, --save-hosts <file>`	save the hosts list to
`-W, --wifi-key <wkey>`	use this key to decrypt wifi packets (wep or wpa)
`-a, --config <config>`	use the alternative config file

Knowledge Base

Explorer

ettercap