
Ettercap

Ettercap is a network security tool that intercepts network traffic. It runs on a wide variety of operating systems, including Windows, Linux, Unix, Mac OS X, Solaris, and BSD. It is completely free and open source, and is one of the most used and recommended security programs in the world. Ettercap intercepts network traffic, performs eavesdropping operations, audits a network for security limitations, captures passwords, and can even deny service to a specific user.

How Ettercap Works

Ettercap uses a technique known as “ARP poisoning” (Address Resolution Protocol poisoning) to associate an attacker’s MAC address with the target computer’s IP address. As a result, any traffic on the network that was intended for the target’s computer is sent to the attacker’s computer instead. The attacker can then forward the traffic on to the target’s computer in order to eavesdrop, or modify the traffic in order to produce a specific effect. The attacker could also associate the target’s computer with a nonexistent MAC address in order to deny the target traffic that was intended for it.
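On the wire, the poisoning described above appears as an IP address whose MAC binding suddenly changes, or as one MAC address answering for several IPs. The following is an added example (not Ettercap's code and not part of the original article) that parses raw Ethernet/ARP frames and flags both conditions; the frames, addresses and the first-seen-binding-is-trusted rule are assumptions made for the illustration.

```python
import socket
import struct
from collections import defaultdict

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    return oper, frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def find_poisoning(frames):
    """Flag IPs whose MAC changes and MACs that answer for more than one IP."""
    # Assumption: the first binding seen for an IP is the legitimate one.
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        trusted = ip_to_mac.setdefault(ip, mac)
        if trusted != mac:
            alerts.append((n, "binding-changed", ip, f"{trusted} -> {mac}"))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((n, "mac-claims-many-ips", mac, ",".join(sorted(mac_to_ips[mac]))))
    return alerts

def sample_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build the bytes of a 42-byte ARP reply (sample-data helper, no network I/O)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = raw(dst_mac) + raw(src_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + raw(src_mac) + socket.inet_aton(src_ip) + raw(dst_mac) + socket.inet_aton(dst_ip)

# Constructed sample traffic: documentation IP range, locally administered MACs.
GW, HOST, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    sample_reply(GW, "192.0.2.1", HOST, "192.0.2.10"),     # genuine gateway reply
    sample_reply(HOST, "192.0.2.10", GW, "192.0.2.1"),     # genuine host reply
    sample_reply(ROGUE, "192.0.2.1", HOST, "192.0.2.10"),  # third MAC claims the gateway IP
    sample_reply(ROGUE, "192.0.2.10", GW, "192.0.2.1"),    # same MAC claims the host IP
    b"\x00" * 60,                                           # non-ARP frame, ignored
]

if __name__ == "__main__":
    print(*find_poisoning(SAMPLE), sep="\n")
```

On a real network the trusted bindings would be seeded from DHCP leases or a static inventory, and devices that legitimately answer for several addresses (proxy ARP, failover pairs) need to be allow-listed.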

Features

Ettercap has several important features that most network security tools do not provide. For example, Ettercap filters packets based on four different operation modes that include IP-based, MAC-based, ARP-based, and PublicARP-based filters. Ettercap determines a victim’s operating system, hijacks DNS requests, and kills remote connections. Ettercap also detects other ARP poisoners on a network.

Advantages

Ettercap is free and open source, so it can be used for both personal and commercial purposes. It also creates its own plug-ins, allowing additional functions and features to be produced on a daily basis. Ettercap can view secured data, conduct remote operations through a GRE tunnel, and has a built-in password collector.

Disadvantages

Other network security tools, especially Ettercap itself, can detect Ettercap on a network. Also, while Ettercap can be used for benevolent purposes in order to find weaknesses in a network, it can also be used for malicious purposes in order to attack a computer or node on a network.
