In this article, we will be talking about Ettercap. How well does this network analyzer stand up against the other network analyzers on the market?


Developed by Alberto Ornaghi and Marco Valleri, Ettercap is suited for ‘man in the middle’ attacks launched on a LAN. For those who dislike the command-line interface, a graphical interface is provided. By positioning itself as the ‘man in the middle,’ Ettercap is able to carry out attacks against the ARP protocol, and from that position it can inject data into a connection, replace any data in a connection, or delete data from a connection. It can also discover passwords for protocols such as FTP and HTTP, among others, and present fake SSL certificates in victims’ HTTPS sessions. Ettercap also makes plugins available for other attacks such as DNS spoofing.

A ‘man in the middle’ attack is one in which an attacker logically places a machine or device between two machines that are communicating. Once in that position, the attacker can launch numerous destructive attacks and cause a lot of damage, because all traffic between the two legitimate machines passes through the attacker's machine.
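One way a defender can spot the ARP-based positioning described above is to look for a single MAC address answering for several IPv4 addresses in a host's neighbour table. This is an added example, not part of the original article or of Ettercap; the sample `ip neigh` output is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` output from a hypothetical poisoned host: the gateway
# (192.168.1.1) and another host (192.168.1.23) resolve to the same MAC.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
fe80::1 dev eth0 lladdr 52:54:00:99:88:77 router STALE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def parse_neighbours(text):
    """Return (ip, dev, mac) for IPv4 entries that have a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        # Skip unresolved entries (FAILED/INCOMPLETE) and IPv6 neighbours.
        if m and ":" not in m.group("ip"):
            entries.append((m.group("ip"), m.group("dev"), m.group("mac").lower()))
    return entries

def find_shared_macs(entries):
    """Map (dev, mac) -> sorted IPs wherever one MAC claims several IPs."""
    by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}

def gateway_at_risk(entries, gateway_ip):
    """True if the gateway's MAC is also claimed by another IP on that link."""
    return any(gateway_ip in ips for ips in find_shared_macs(entries).values())

if __name__ == "__main__":
    found = parse_neighbours(SAMPLE_NEIGH)
    for (dev, mac), ips in find_shared_macs(found).items():
        print(f"{dev}: {mac} answers for {', '.join(ips)}")
    print("gateway at risk:", gateway_at_risk(found, "192.168.1.1"))
```

A shared MAC is a lead to investigate, not proof: proxy ARP and routers with several addresses on one interface produce the same pattern legitimately.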

What Ettercap can do

Ettercap supports both active and passive dissection of numerous protocols and includes features for host and network analysis. The program can intercept traffic on a network segment, capture and store passwords, and eavesdrop on several notable protocols. Ettercap uses four modes: IP, MAC, ARP, and Public ARP.

The Ettercap program comes pre-installed on Kali Linux. The Domain Name System (DNS) is used to resolve human-readable hostnames into IP addresses. DNS spoofing gives an attacker the ability to redirect victims to a server of the attacker's choosing, so that traffic is diverted to the attacker's device. Ettercap also lets users work with its filters, which can be adjusted at will in order to make packets behave as the user wants.

IP Forwarding and Network Performance

It is important to note that Ettercap disables IP forwarding in the kernel every time it starts and forwards the packets itself. Ettercap can also significantly slow down network performance between hosts, because of the time its machine takes to process the packets. Finally, Ettercap requires root privileges in order to open link-layer sockets.
