Installing and using Ettercap

Ettercap is a tool for analyzing computer network security.


Ubuntu/Debian installation command:

sudo apt install ettercap-text-only

View Help:

ettercap --help

Ettercap usage example:

ettercap [OPTIONS] [TARGET1] [TARGET2]
sudo ettercap -T -q -i eth0

List of possible startup keys:

Sniffing and Attack options:
-M, –mitm perform a mitm attack
-o, –only-mitm don’t sniff, only perform the mitm attack
-B, –bridge use bridged sniff (needs 2 ifaces)
-p, –nopromisc do not put the iface in promisc mode
-u, –unoffensive do not forward packets
-r, –read read data from pcapfile
-f, –pcapfilter set the pcap filter
-R, –reversed use reversed TARGET matching
-t, –proto sniff only this proto (default is all)
User Interface Type:
-T, –text use text only UI
-q, –quiet do not display packet contents
-s, –script issue these commands to the GUI
-C, –curses use curses UI
-D, –daemon daemonize ettercap (no UI)
Logging options:
-w, –write write sniffed data to pcapfile
-L, –log log all the traffic to this
-l, –log-info log only passive infos to this
-m, –log-msg log all the messages to this
-c, –compress use gzip compression on log files

Visualization options:
-d, –dns resolves ip addresses into hostnames
-V, –visual set the visualization format
-e, –regex visualize only packets matching this regex
-E, –ext-headers print extended header for every pck
-Q, –superquiet do not display user and password
General options:
-i, –iface use this network interface
-I, –iflist show all the network interfaces
-n, –netmask force this on iface
-A, –address

force this local
on iface
-P, —plugin launch this -F, —filter load the filter (content filter)
-z, —silent do not perform the initial ARP scan
-j, —load-hosts load the hosts list from
-k, —save-hosts save the hosts list to
-W, —wep-key use this wep key to decrypt wifi packets
-a, —config use the alterative config file
Standard options:
-v, —version prints the version and exit
-h, —help this help screen

Leave a comment

Leave a Reply