As pentester we use a lot of tools during penetration tests. One of the main parts of the penetration test is man in the middle and network sniffing attacks. We generally use popular tool named
ettercap to accomplish these attacks. In this tutorial we will look installation and different attack scenarios about
We will look different installation types.
Debian, Ubuntu, Kali, Mint:
$ apt install ettercap-common
If we want to install GUI too run following command.
$ apt install ettercap-graphical
CentOS, Fedora, RHEL:
$ yum install ettercap
Compiled ettercap Windows binaries can be downloaded from following link.
Detailed help about ettercap can be listed with the
-hoption like below.
$ ettercap -h
User Interface and Work Mode
Ettercap provides different type of user interface. GUI is the easiest one but we will use text only interface in this tutorial.
Like a black linux terminal.
Curses is better interface than text only where it have menus.
Gtk is fully graphical user interface
Daemon mode will work background without stopping.
Before specifying interface we should list available interfaces. We can list interfaces with
-I option .
$ ettercap -I
Specify Network Interface
The first thing we should learn is select interface we want to operate with
ettercap . We will use de facto option
-i to specify interface we want to select. In this example we will select interface ens3
$ ettercap -i ens3
Select User Interface
We will use curses interface which can be selected with
We can start GUI with the following command. Because ettercap will sniff and change os settings we need to provide
root privileges while starting ettercap.
$ sudo ettercap -G
Select Sniff Mode
We should select sniff mode where two options are ;
We will select
In this step we will select sniff interface
Current screenshot we can see that ettercap is sniffing.
We can list hosts from
Add To Target
We will add hosts to the target with
Add to Target 1 and
Add to Target 2 buttons. From host list menu.
We will select
ARP Poisoning from
Mitm menu like below.
We should enable
Sniff remote connections if we want to sniff all connections including remote ones.