Slashdot Mirror


The men behind ettercap-NG

An anonymous reader writes "In 2001 two Italians released the first beta version of ettercap, a network protocol analyzer. Ettercap is now covered in most security books. It's number 9 in the Top 75 Security Tools list of the Nmap Hackers mailing list. This summer they released ettercap-NG, which was completely rewritten from scratch with better, modular code, making it easier to add new features and write and submit patches. NewsForge recently caught up with its authors for an interview."

24 of 89 comments

  1. spoken like a true *nix fan by necrogram · · Score: 5, Funny
    "Because our mailboxes were full of users' requests for Windows porting and our antispam filter started to get confused."

    That's one way to deal with Windows people

  2. Re:No Link? by Per+Wigren · · Score: 4, Funny

    "Where is the link to ettercap?"

    Here it is!

    --
    My other account has a 3-digit UID.
  3. Re:Well, I have never liked ettercap by kentmartin · · Score: 4, Informative

    I agree re: ethereal.

    I don't know why it wasn't linked to in the article, but here you go:

    Homepage: http://ettercap.sourceforge.net/
    Description: A suite for man in the middle attacks and network mapping

  4. Good summary, this time by YetAnotherName · · Score: 5, Insightful

    All too often, software announcements mention just the name of the item and not what it is or why it's interesting. As an example, compare this recent summary for Zope.

    Not everyone's heard of Ettercap; this summary says what it is (network protocol analyzer) and also why it's important (in top ten of security tools). I hope to see more summaries of this caliber on Slashdot.

    1. Re:Good summary, this time by lukewarmfusion · · Score: 2, Informative

      I don't think this was that good of a summary at all. I've never used ettercap and I've only heard it mentioned in passing. The story simply doesn't explain what it is.

      From ettercap project page:
      "Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis."

      That's a little more informative than "network protocol analyzer."

    2. Re:Good summary, this time by RollingThunder · · Score: 2, Insightful

      There has to be a limit, otherwise we end up having to define "man in the middle" and "LAN" and "content filtering", etc.

      I think that stating "network protocol analyzer" is sufficient - it indicates the general concept area, and gives the reader enough information to decide if it's something he should be going to dig deeper on or not.

      I do agree with a different responder that some things that could have been hyperlinked weren't.

  5. Re:Well, I have never liked ettercap by NicolaiBSD · · Score: 5, Interesting

    You're comparing apples and oranges. Ettercap is not just a packet dumping/protocol analyzer tool like tcpdump. It has many active features, like ARP cache poisoning, data injection, etc.

  6. Top 75 Security Tools by Noksagt · · Score: 4, Informative

    The other top tools.

  7. Re:Well, I have never liked ettercap by grap · · Score: 2, Informative

    ettercap has almost nothing to do with ethereal, tcpdump or any other general-purpose sniffers. It's for a man-in-the-middle attack, with ARP poisoning and other techniques, not for simply sniffing packets that already come to your NIC.

    It can sniff in a switched environment. You can't do this with TCPDUMP!!!

  8. Network Analyzer... duh by Anonymous Coward · · Score: 3, Informative

    Ettercap is evil :)

    It's more of a hacking tool than a network analyzer. It allows you to sniff switched networks, perform man-in-the-middle attacks, it looks for passwords, etc.

    1. Re:Network Analyzer... duh by slasher999 · · Score: 4, Interesting

      I tend to agree. Ettercap is a tool I've played with and it has helped me to understand some new concepts, but I haven't really found a good use for it in my day to day Sr Sys Adm career. Other "grey" tools however, such as ethereal and nmap, I wouldn't be without. As the authors pointed out, it's not the tools that are evil.

    2. Re:Network Analyzer... duh by _Sprocket_ · · Score: 2, Informative

      Maybe you should take a look at ettercap?

  9. Interesting comment by Anonymous Coward · · Score: 5, Funny

    "We chose the GPL because it's the most used, so it has to be the best."

    I have a nice Windows XP CD to sell you, guys.

    --
    Glass, total pwnage.

    1. Re:Interesting comment by Anonymous Coward · · Score: 2, Interesting

      I think someone has forgotten a :) at the end of the statement... indeed the next sentences explain the real meaning...

  10. I love ettercap... by wschalle · · Score: 5, Interesting

    Its man in the middle feature lets me catch botnets on my college campus (I work in the IT dept.) and shut them down immediately.

  11. Re:My little Ettercap... by FerretFrottage · · Score: 2, Funny

    "...won't you stay a while"

    --
    "Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
  12. The fact that it's a *NIX program by Lifewish · · Score: 4, Insightful

    "anyone care to justify this application, which seems to be yet another blackhat/script kiddy tool?"

    Anyone who's smart enough to use it effectively deserves results :)

    Seriously, a Swiss Army knife for kiddies is by definition a Swiss Army knife for security testers and system managers. I'd prefer for hacking tools to be available for all rather than just for the malicious portion of the online population.

    --
    For the love of God, please learn to spell "ridiculous"!!!
  13. Try it with the new UBCD by Leigh13 · · Score: 4, Informative

    The new 3.0 release of the excellent Ultimate Boot CD has Ettercap included with the INSERT live CD. If you're a Windows user, it's an easy way to boot into Linux and try it out without having to worry about compiling and whatnot.

    --

    What I should have said was nothing.
  14. I like ettercap.. by sque · · Score: 2, Funny

    and have used it for a long time. I tend to use it for evil and not good though =/. Being on a switched environment at work makes it the perfect happy fun time tool! :-)

  15. Re:Legal uses of ettercap by warpSpeed · · Score: 2, Interesting

    "anyone care to justify this application, which seems to be yet another blackhat/script kiddy tool?"

    It is perfectly legal for me to do anything I like on my network. What more justification do I need?

    Perhaps we should ban debuggers too, because all we can use them for is breaking into commercial software...

  16. Re:Legal uses of ettercap by slash-tard · · Score: 2, Interesting

    I sniff traffic all the time using ethereal, etherpeek, and tcpdump. I do this to verify traffic from remote customers, help debug developers' custom applications, and estimate bandwidth usage by application. I don't have a need for ettercap, man in the middle attacks, or ARP poisoning though. Sniffers do have many legitimate uses other than spying on email and IM sessions.

  17. Re:Legal uses of ettercap by warpSpeed · · Score: 2, Insightful

    "Hmmm, so I can alter my XBox without any legal problems? I paid for it."

    Sure, you just void your warranty.

    "What about these DVDs and CDs I bought, I can rip them onto my laptop so I don't have to carry my CDs and DVDs around? I bought these too."

    You can back them up, or convert them to some other format for your convenience.

    "So I can burn down my own house? I own it... ah... oh... well half of it, the bank owns the other bit (d'oh). If I select the half I own, say the bathroom and the box room; I can trash that with impunity."

    You can do what you want with your house within the limit of the law.

    "Ownership doesn't necessarily convey infinite rights, just demands good stewardship. Don't forget to tell Bush..."

    Ownership allows you to do what you want with your property as long as it is within the law. Nothing demands good stewardship, unless you count community peer pressure.

    And I did tell Bush, I voted for him. :-)

  18. Re:Well, I have never liked ettercap by the_mad_poster · · Score: 2, Insightful

    Soooo... your theory behind network intrusion testing is that you shouldn't try to break into the network while you're doing it, and therefore any tool that would help you do it must be useless or evil?

    Remind me to never hire you for anything related to network security testing....

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  19. even works on Mac OS X by ubiquitin · · Score: 2, Informative
    --
    http://tinyurl.com/4ny52