Ettercap Tutorial For Network Sniffing and Man In The Middle – POFTUT



As pentesters we use a lot of tools during penetration tests. One of the main parts of a penetration test is man-in-the-middle and network sniffing attacks. We generally use the popular tool named ettercap to accomplish these attacks. In this tutorial we will look at installation and different attack scenarios with ettercap.

Install

We will look at the different installation types.

Debian, Ubuntu, Kali, Mint:

$ apt install ettercap-common

If we want to install the GUI too, we run the following command.

$ apt install ettercap-graphical

CentOS, Fedora, RHEL:

$ yum install ettercap

Windows

Compiled ettercap Windows binaries can be downloaded from the following link.

https://sourceforge.net/projects/ettercap/files/unofficial%20binaries/windows/

Help

Detailed help about ettercap can be listed with the -h option like below.

$ ettercap -h

User Interface and Work Mode

Ettercap provides different types of user interface. The GUI is the easiest one, but we will use the text only interface in this tutorial.

Text Only

It looks like a black Linux terminal.

Curses

Curses is a better interface than text only because it has menus.

GTK

GTK is a fully graphical user interface.

Daemon

Daemon mode will work in the background without stopping.

List Interface

Before specifying an interface we should list the available interfaces. We can list interfaces with the -I option.

$ ettercap -I

Specify Network Interface

The first thing we should learn is how to select the interface we want ettercap to operate on. We will use the de facto option -i to specify the interface we want to select. In this example we will select the interface ens3.

$ ettercap -i ens3

Select User Interface

We will use the curses interface, which can be selected with the -C option.


Start GUI

We can start the GUI with the following command. Because ettercap will sniff and change OS settings, we need to provide root privileges when starting ettercap.

$ sudo ettercap -G

Select Sniff Mode

We should select the sniff mode, where the two options are:

  • Unified Sniffing
  • Bridged Sniffing

We will select Unified Sniffing.


Select Interface

In this step we will select the sniff interface.


In the current screenshot we can see that ettercap is sniffing.

Host List

We can list live hosts from the Host menu. We can see that the IP address and MAC address of each host are provided in the following screenshot.


Add To Target

From the host list menu, we will add hosts to the targets with the Add to Target 1 and Add to Target 2 buttons.

Arp Poisoning

We will select ARP Poisoning from the Mitm menu like below.


We should enable Sniff remote connections if we want to sniff all connections, including remote ones.
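
From the defending side, the ARP poisoning configured above shows up in a target's neighbour table as the gateway and another host sharing one MAC address, or as the gateway's MAC changing. The following check is an added example, not part of the original tutorial; the sample `ip neigh show` output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (not captured data). The gateway
# 192.168.1.1 and host 192.168.1.20 resolve to the same MAC, which is the trace
# ARP poisoning leaves in a victim's neighbour table.
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev ens3 lladdr 52:54:00:aa:bb:cc REACHABLE
192.168.1.20 dev ens3 lladdr 52:54:00:aa:bb:cc STALE
192.168.1.30 dev ens3 lladdr 52:54:00:11:22:33 REACHABLE
192.168.1.40 dev ens3  FAILED
fe80::5054:ff:fe11:2233 dev ens3 lladdr 52:54:00:11:22:33 router STALE
"""

LINE_RE = re.compile(r"^(\S+) dev \S+(?: lladdr ([0-9a-fA-F:]{17}))?")

def parse_ip_neigh(text):
    """Return (ip, mac) for every IPv4 entry that has a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) is None:
            continue  # FAILED/INCOMPLETE entries carry no lladdr
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a neighbour line
        if ip.version == 4:  # a host's own IPv6 address shares its MAC legitimately
            entries.append((str(ip), m.group(2).lower()))
    return entries

def shared_macs(entries):
    """Map each MAC claimed by more than one IPv4 address to those addresses."""
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_mismatch(entries, gateway_ip, expected_mac):
    """Return the observed MAC if the gateway entry differs from the known-good MAC."""
    for ip, mac in entries:
        if ip == gateway_ip and mac != expected_mac.lower():
            return mac
    return None

if __name__ == "__main__":
    table = parse_ip_neigh(SAMPLE_IP_NEIGH)
    print("MACs claimed by several IPs:", shared_macs(table))
    # 52:54:00:de:ad:01 is a constructed "known-good" gateway MAC
    print("Gateway MAC changed to:", gateway_mismatch(table, "192.168.1.1", "52:54:00:de:ad:01"))
```

A shared MAC can also be legitimate, for example a host with several addresses on one interface, so a hit is a lead to verify against the known gateway MAC rather than proof of poisoning.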
