Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security

The men behind ettercap-NG 89

An anonymous reader writes "In 2001 two Italians released the first beta version of ettercap, a network protocol analyzer. Ettercap is now covered in most security books. It's number 9 in the Top 75 Security Tools list of the Nmap Hackers mailing list. This summer they released ettercap-NG, which was completely rewritten from scratch with better, modular code, making it easier to add new features and write and submit patches. NewsForge recently caught up with its authors for an Interview."
This discussion has been archived. No new comments can be posted.

The men behind ettercap-NG

Comments Filter:
  • by necrogram ( 675897 ) on Tuesday November 09, 2004 @09:10AM (#10765420)
    Because our mailboxes were full of users' requests for Windows porting and our antispam filter started to get confused.

    Thats one way to deal with windows people

  • by YetAnotherName ( 168064 ) on Tuesday November 09, 2004 @09:12AM (#10765440) Homepage
    All too often, software announcements mention just the name of the item and not what it is or why it's interesting. As an example, compare this recent summary for Zope [slashdot.org].

    Not everyone's heard of Ettercap; this summary says what it is (network protocol analyzer) and also why it's important (in top ten of security tools). I hope to see more summaries of this caliber on Slashdot.
    • The summary text was good, but a link to the project would have been a good addition, as would a link to the top 75 list mentioned.
    • I don't think this was that good of a summary at all. I've never used ettercap and I've only heard it mentioned in passing. The story simply doesn't explain what it is.

      From ettercap project page [sourceforge.net]:
      "Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis."

      That's a lit
      • There has to be a limit, otherwise we end up having to define "man in the middle" and "LAN" and "content filtering", etc.

        I think that stating "network protocol analyzer" is sufficient - it indicates the general concept area, and gives the reader enough information to decide if it's something he should be going to dig deeper on or not.

        I do agree with a different responder that some things that could have been hyperlinked weren't.
        • At LEAST mention how it differs from other network protocol analyzers out there... especially if there's a super-popular one that people may be more familiar with (Ethereal). IMHO, the critical difference is that it allows sniffing of switched networks.
  • by Noksagt ( 69097 ) on Tuesday November 09, 2004 @09:19AM (#10765484) Homepage
    The other top tools [insecure.org].
  • by Anonymous Coward on Tuesday November 09, 2004 @09:25AM (#10765526)
    Ettercap is evil :)

    It's more of a hacking tool than a network analizer. It allows you to sniff switched networks, perform man-in-the-middle-attacks, it looks for passwords, etc.
    • Wouldn't you rather know if it's possible to do those thing on your own network, rather than keeping the tools only in the hands of those with nefarious intent?
    • by slasher999 ( 513533 ) on Tuesday November 09, 2004 @11:23AM (#10766586)
      I tend to agree. Ettercap is a tool I've played with and it has helped me to understand some new concepts, but I haven't really found a good use for it in my day to day Sr Sys Adm career. Other "grey" tools however, such as ethereal and nmap, I wouldn't be without. As the authors pointed out, it's not the tools that are evil.
    • No tool can sniff switched networks. The information never makes it to your network adapter, nothing to sniff. A hub on the other hand, no problem.
      • by Anonymous Coward
        you are quite wrong. it is possible. try a google for something like "switch mac flood sniff." hopefully the results will help you, and others, realize that often times there is more to security than what "seems" secure.
      • Maybe you should take a look at ettercap?
      • You're incorrect. Ettercap uses a technique called "Arp poisoning" which basically tricks the switch into sending you packets that don't belong to you, which ettercap then forwards to the victim and vice-versa.

        Google can tell you a lot more about it. Also have a look at the DSniff suite.

        Cheers,
        Chris.
  • by Anonymous Coward on Tuesday November 09, 2004 @09:30AM (#10765557)

    We chose the GPL because it's the most used, so it has to be the best.

    I have a nice Windows XP CD to sell you, guys.

    --
    Glass, total pwnage.

    • by Anonymous Coward
      I think someone has forgotten a :) at the end of the statement... indeed the next sentences explain the real meaning...
  • I love ettercap... (Score:5, Interesting)

    by wschalle ( 790478 ) on Tuesday November 09, 2004 @09:49AM (#10765721)
    Its man in the middle feature lets me catch botnets on my college campus (I work in the IT dept.) and shut them down immediately.
  • by Leigh13 ( 96452 ) <<moc.liamtoh> <ta> <31hgiel>> on Tuesday November 09, 2004 @10:00AM (#10765809)
    The new 3.0 release of the excellent Ultimate Boot CD [ultimatebootcd.com] has Ettercap included with the INSERT live CD. If you're a Windows user, it's an easy way to boot into Linux and try it out without having to worry about compiling and what not.
  • and have used it for long for time. I tend to use it for evil and not good though =/. Being on a switched enviroment at work makes it the perfect happy fun time tool! :-)
  • Neat program. I'll mess around with it more later. But looking at the screenshots on the site reminded me of an old /. story (I think) and I'd like help finding it if anyone can help me, this is somewhat OT.

    The program did something similar, it would monitor network traffic and show you all the images that were being transmitted. So you could run it and figure out what sites people were surfing and stuff like that. It was very cool, but I have been unable to find it recently and I don't remember the name.

  • how is it? (Score:1, Funny)

    by Anonymous Coward
    Is ettercap uttercrap?
  • by Anonymous Coward
    By "real" I mean you get paid to admin a box other than your own.

    I'm just curious. I tend to avoid the "dark gray" tools like this and stick to the "light gray" tools like nmap.

    So have you used this tool? In what capacity? Penetration testing? Just poking around the network? For your own education or did you use the info in a report or to solve a specific problem? Etc?

    Just wondering if I should take the time to add it to my toolbox.
    • [So] I didn't know it existed, but this tool sounds relly useful to me as a completely "white" application.

      I work at a company that makes cell phone system test gear. We help cell phone companies set up quality and throughput testing and transport/content correctness.

      Many is the time when, as I develop the tidbits, I want to see the data flow and content actually being received. I have become a zen grand master of getting my ass lost piecing together partial frames and retransmits.

      A program that recon
  • Attercop ? (Score:1, Interesting)

    by Anonymous Coward
    Old fat spider
    spinning in a tree!
    Old fat spider
    can't see me!
    Attercop! Attercop!
    Won't you stop,
    Stop your spinning
    and look at me!

    Old Tomnoddy, all big body,
    Old Tomnoddy can't spy me!
    Attercop! Attercop!
    Down you drop!
    You'll never catch me up your tree!
    • In case you didn't catch this, its a quote of the song Bilbo sang when taunting the spiders of Mirkwood in "The Hobbit"

      (Horrors. I almost wrongly said it was a misquote of a Tom Bombadil song from The Fellowship of the Ring.. Shudder, what a public embarasment THAT would have been...)
  • What has happened to robertgraham.com ?? I used to send people there to get a clue about security. "Connection refused" ??!! Huh?
  • by ubiquitin ( 28396 ) * on Tuesday November 09, 2004 @04:24PM (#10769756) Homepage Journal
    Check out: ettercap.darwinports.com [darwinports.com]
  • I think ettercap really caters to kiddies, like AimSniff.pl and others, especially with all the password tools. It is for switched lans, which is like the popular Linksys routers, so many a thirteen year old adolescent is using ettercap to read someones AIM conversations.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...