# ettercap/ettercap

2,682 stars · 528 forks · C · gpl-2.0

## Links

- GitHub: https://github.com/Ettercap/ettercap
- Homepage: http://www.ettercap-project.org
- awesome-repositories: https://awesome-repositories.com/repository/ettercap-ettercap.md

## Description

Ettercap is a network utility used for ARP spoofing, packet filtering, traffic interception, passive scanning, and DHCP hijacking. It functions as a network traffic interceptor and man-in-the-middle packet filter to monitor and manipulate live TCP/UDP connections on a local area network.

The project provides specialized capabilities for traffic redirection via ARP cache poisoning, DHCP server spoofing, ICMP redirects, and switch port stealing. It also enables the emulation of rogue services and the decryption of SSH1 session streams by substituting public keys.

Additional capabilities include network discovery through active host discovery and passive LAN scanning, as well as network topology mapping. The tool supports real-time traffic manipulation by injecting forged data into live streams and filtering network payloads using custom scripts.

## Tags

### Security & Cryptography

- [Man-in-the-Middle Frameworks](https://awesome-repositories.com/f/security-cryptography/man-in-the-middle-frameworks.md) — Intercepts and manipulates live network traffic between two hosts to monitor data or inject custom payloads.
- [Passive LAN Scanners](https://awesome-repositories.com/f/security-cryptography/passive-lan-scanners.md) — Identifies active hosts, open ports, and operating systems by sniffing traffic without sending probes.
- [Passive LAN Scanning](https://awesome-repositories.com/f/security-cryptography/passive-lan-scanning.md) — Identifies hosts, operating systems, and ports by sniffing packets without sending any probe traffic. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Passive Network Reconnaissance](https://awesome-repositories.com/f/security-cryptography/passive-network-reconnaissance.md) — Identifies active hosts, operating systems, and open ports by sniffing existing traffic without sending probe packets.
- [Subnet Host Discovery](https://awesome-repositories.com/f/security-cryptography/reconnaissance-workflow-automation/host-reconnaissance/subnet-host-discovery.md) — Identifies responding devices on a local network by sending ARP requests and compiling a list of active hosts. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Rogue Network Services](https://awesome-repositories.com/f/security-cryptography/rogue-network-services.md) — Impersonates network infrastructure such as DHCP servers or SSH public key exchanges to hijack client configurations and sessions.

### Networking & Communication

- [ARP Cache Poisoning](https://awesome-repositories.com/f/networking-communication/arp-and-ndp-responders/arp-cache-poisoning.md) — Intercepts and manipulates traffic by poisoning ARP caches to perform man-in-the-middle attacks.
- [DHCP Poisoners](https://awesome-repositories.com/f/networking-communication/dhcp-servers/dhcp-poisoners.md) — Acts as a rogue DHCP server to inject manipulated gateway addresses and redirect client traffic. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Live Connection Captures](https://awesome-repositories.com/f/networking-communication/live-connection-captures.md) — Captures live TCP/UDP connections to monitor and analyze data exchange between hosts on a local area network. ([source](http://www.ettercap-project.org))
- [Network Stream Injections](https://awesome-repositories.com/f/networking-communication/network-stream-injections.md) — Inserts forged packets or modifies existing payloads in live connections while maintaining correct sequence numbers and checksums. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Network Topology Mapping](https://awesome-repositories.com/f/networking-communication/network-topology-mapping.md) — Discovers gateways, routers, and host relationships by analyzing packet headers and TTL values on a local network.
- [OS Fingerprinting](https://awesome-repositories.com/f/networking-communication/os-fingerprinting.md) — Identifies operating systems and services by analyzing TCP/IP header fields like TTL and window size from observed traffic.
- [Interface-Level Packet Filtering](https://awesome-repositories.com/f/networking-communication/packet-capture-filters/interface-level-packet-filtering.md) — Filters network payloads in real time using custom scripts to modify or drop packets based on specific criteria. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [MITM Payload Filtering](https://awesome-repositories.com/f/networking-communication/packet-engines/packet-construction/real-time-packet-modification/mitm-payload-filtering.md) — Modifies or drops network payloads in real time using custom scripts and sequence number recalculation.
- [Scriptable Packet Filters](https://awesome-repositories.com/f/networking-communication/scriptable-packet-filters.md) — Provides a domain-specific language to define rules for modifying or dropping network packet payloads in real time.
- [Traffic Interceptors](https://awesome-repositories.com/f/networking-communication/traffic-interceptors.md) — Captures and analyzes live TCP/UDP connections to monitor data exchange between hosts on a LAN.
- [Traffic Manipulation Tools](https://awesome-repositories.com/f/networking-communication/traffic-manipulation-tools.md) — Filters and modifies packet payloads in real time using scripts to alter data flowing between a client and server.
- [Gateway and Router Identification](https://awesome-repositories.com/f/networking-communication/gateway-and-router-identification.md) — Recognizes network gateways through non-local IP traffic and routers via ICMP TTL-exceeded or redirect messages. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Layer-2 Traffic Sniffing](https://awesome-repositories.com/f/networking-communication/layer-2-traffic-sniffing.md) — Forwards traffic between two network interfaces to perform stealthy sniffing and content filtration at the physical layer. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Network Protocol Analysis](https://awesome-repositories.com/f/networking-communication/network-protocol-analysis.md) — Analyzes and decodes packet sequences to understand the structure of network communications and detect anomalies. ([source](http://www.ettercap-project.org))
- [Packet Sequencing](https://awesome-repositories.com/f/networking-communication/packet-sequencing.md) — Maintains a map of TCP sequence and acknowledgment numbers to inject or modify data without dropping connections.
- [TCP Port Scanners](https://awesome-repositories.com/f/networking-communication/tcp-port-scanners.md) — Determines open TCP and UDP ports on a host by monitoring for SYN+ACK packets or outgoing UDP traffic. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Traffic Redirection Tools](https://awesome-repositories.com/f/networking-communication/traffic-redirection-tools.md) — Sends spoofed ICMP redirect messages to force clients to route internet-bound traffic through a specific interface. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Switch Port Stealing](https://awesome-repositories.com/f/networking-communication/traffic-redirection-tools/switch-port-stealing.md) — Floods switched networks with ARP packets to redirect traffic from victim ports to a target interface. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))
- [Transparent Layer 2 Bridges](https://awesome-repositories.com/f/networking-communication/transparent-layer-2-bridges.md) — Intercepts and relays traffic between two physical network interfaces to remain transparent while sniffing or filtering data.

### Operating Systems & Systems Programming

- [Operating System Detection](https://awesome-repositories.com/f/operating-systems-systems-programming/operating-system-detection.md) — Detects the operating system and active services by analyzing TCP/IP header fields like TTL and window size. ([source](https://cdn.jsdelivr.net/gh/ettercap/ettercap@master/README.md))

### Part of an Awesome List

- [Traffic Analysis Engines](https://awesome-repositories.com/f/awesome-lists/data/traffic-analysis-engines.md) — Suite for traffic capture and man-in-the-middle analysis.
