Kali Linux

ettercap

Overview

Ettercap performs man-in-the-middle (MITM) interception on a LAN via ARP poisoning. It sniffs, filters, and injects traffic, with plugins for DNS spoofing and credential harvesting.

Unified mode `-T` for CLI; `-G` GUI. `--dns` redirects domains. Requires IP forwarding enabled.

Primary use cases

  • Demonstrating LAN MITM risk on flat networks
  • DNS spoofing in authorized lab exercises

Key commands

ARP poison MITM

ettercap -T -M arp:remote /10.0.0.1// /10.0.0.50// -i eth0

Detection / defense notes

  • Dynamic ARP inspection on switches; 802.1X
  • HTTPS everywhere; certificate pinning for sensitive apps
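
The validation that dynamic ARP inspection performs, as an added Python example (not part of ettercap or of this page): each ARP sender IP/MAC pair is checked against a trusted binding table and mismatches are dropped. The MAC addresses, the binding table and the function names are constructed for illustration; the IPs are the ones used in the command above.

```python
import socket
import struct

# Constructed IP -> MAC bindings, standing in for a DHCP snooping table.
BINDINGS = {
    "10.0.0.1": "00:11:22:33:44:01",   # gateway (constructed MAC)
    "10.0.0.50": "00:11:22:33:44:50",  # workstation (constructed MAC)
}
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used only for sample data)."""
    def to_raw(mac):
        return bytes.fromhex(mac.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       to_raw(sender_mac), socket.inet_aton(sender_ip),
                       to_raw(target_mac), socket.inet_aton(target_ip))

def parse_arp(payload):
    """Decode an ARP payload into (sender_ip, sender_mac); reject non Ethernet/IPv4."""
    if len(payload) < 28:
        raise ValueError("truncated")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return socket.inet_ntoa(spa), sha.hex(":")

def inspect(payloads, bindings=BINDINGS):
    """Return (sender_ip, claimed_mac, reason) for each message that would be dropped."""
    dropped = []
    for payload in payloads:
        try:
            ip, mac = parse_arp(payload)
        except ValueError as exc:
            dropped.append((None, None, f"malformed: {exc}"))
            continue
        if ip not in bindings:
            dropped.append((ip, mac, "no binding"))
        elif bindings[ip] != mac:
            dropped.append((ip, mac, "mac mismatch"))
    return dropped

ROGUE = "00:11:22:33:44:99"  # constructed MAC of the poisoning host
SAMPLE = [  # constructed ARP replies (oper=2): one legitimate, two forged
    build_arp(2, BINDINGS["10.0.0.1"], "10.0.0.1", BINDINGS["10.0.0.50"], "10.0.0.50"),
    build_arp(2, ROGUE, "10.0.0.1", BINDINGS["10.0.0.50"], "10.0.0.50"),
    build_arp(2, ROGUE, "10.0.0.50", BINDINGS["10.0.0.1"], "10.0.0.1"),
]
```

`inspect(SAMPLE)` passes the legitimate gateway reply and flags the two replies in which one MAC claims both 10.0.0.1 and 10.0.0.50, the pattern an `arp:remote` poisoning run produces.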

Related tools

  • responder: LLMNR/NBT-NS/mDNS poisoner. Captures NetNTLM hashes on local networks.
  • Wireshark: Packet dissector. Live capture and PCAP analysis with display filters and protocol decoders.