Ask
Login
1
968views
What is Ettercap? Explain it's operations and features.
written 2.6 years ago by gravatar for Purvil Purvil 540 modified 2.6 years ago by gravatar for DevarenjiniP DevarenjiniP 3.2k
cyber security and laws
ADD COMMENT EDIT
1 Answer
1
32views
written 2.6 years ago by gravatar for DevarenjiniP DevarenjiniP 3.2k modified 2.6 years ago by gravatar for Purvil Purvil 540

Ettercap

  • Ettercap isatool made by Alberto Ornaghi (ALOR) and Marco Valleri (NaGA) and is basicallyasuite for man in the middle attacks onaLAN.
  • What isa"man in the middle" attack?
  • This is an attack whereapirate put its machine in the logical way between two machines speaking together as shown in the picture below.

  • Once in this position, the pirate can launchalot of different very dangerous attacks because he/she is in the way between to two normal machines.

  • Attacks are not always simple; most of them are complex and it isa big challenge for security researchers and companies that offera solution for them. An attack can be active or passive.

  • Active attack: In this kind of attack, The Attacker attempts to alter system resources or destroy the data. The Attacker can change the data, etc.
  • Passive attack: In this kind of attack, The Attacker attempts to gain information from the system without destroying the information. This attack is more like monitoring and recognition of the target.

  • Ettercap offers four modes of operation:

    • IP-based: packets are filtered based on IP source and destination.
    • MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
    • ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts.
    • PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts.

  • Ettercap offers following features:

    • Character injection into an established connection. Characters can be injected into a server or to a client while maintaining a live connection.

    • It supports sniffing of a password and username and even the data of an SSH1 connection.

    • It supports sniffing of HTTP SSL secured data-even when the connection is made through a proxy.

    • It supports in setting up a filter that searches for a particular string in the TCP or UDP payload and replaces it with a custom string or drops the entire packet.

    • It can determine the OS of the victim host and its network adapter.

    • It can kill connections of choices from the connection-list.

    • It can hijack DNS requests.

    • It can also find other poisoners on the LAN actively or passively.
ADD COMMENT EDIT
Please log in to add an answer.