Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-RELEASE FreeBSD 15.0-RELEASE and Ports FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 15.0 FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.7 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

ETTERCAP-PLUGINS(8)	    System Manager's Manual	   ETTERCAP-PLUGINS(8)

NAME
       ettercap-plugins	- A collection of plugins for ettercap

DESCRIPTION
       Ettercap(8) supports loadable modules at	runtime. They are called plug-
       ins  and	 they  come  within the	source tarball.	They are automatically
       compiled	if your	system	supports  them	or  until  you	specify	 -DEN-
       ABLE_PLUGINS=OFF	option to the cmake configure script.
       Some  of	 older	ettercap  plugins (roper, banshee, and so on) have not
       been ported in the new version.	By the way, you	can achieve  the  same
       results by using	new filtering engine.
       If  you use interactive mode, most plugins need to "Start Sniff"	before
       using them.

       To have a list of plugins installed in your system do that command:

	      ettercap -P list

       The following is	a list of available plugins:

       arp_cop

	      It reports suspicious ARP	activity by passively  monitoring  ARP
	      requests/replies.	 It can	report ARP posioning attempts, or sim-
	      ple  IP-conflicts	 or IP-changes.	 If you	build the initial host
	      list the plugin will run more accurately.

	      example :

	      ettercap -TQP arp_cop //

       autoadd

	      It will automatically add	new victims to the ARP poisoning  mitm
	      attack  when  they come up. It looks for ARP requests on the lan
	      and when detected	it will	add the	host to	the victims list if it
	      was specified in the TARGET. The host is added when an  arp  re-
	      quest is seen form it, since communicating hosts are alive :)

       chk_poison

	      It performs a check to see if the	arp poisoning module of	etter-
	      cap  was	successful.  It	sends spoofed ICMP echo	packets	to all
	      the victims of the poisoning pretending to be each of the	 other
	      targets.	If  we can catch an ICMP reply with our	MAC address as
	      destination it means that	the poisoning between those  two  tar-
	      gets  is	successful. It checks both ways	of each	communication.
	      This plugin makes	sense only where poisoning makes  sense.   The
	      test  fails  if you specify only one target in silent mode.  You
	      can't run	this plugin from command line  because	the  poisoning
	      process  is  not	started	 yet.  You  have to launch it from the
	      proper menu.

       dns_spoof

	      This plugin intercepts DNS query and reply with  a  spoofed  an-
	      swer. You	can choose to which addresses the plugin has to	reply,
	      and  the expiry time in seconds (TTL) by modifying the etter.dns
	      file. The	plugin intercepts A, AAAA, PTR,	MX, WINS, SRV and  TXT
	      request.	If  it	was  an	A request, the name is searched	in the
	      file and the IP address is returned (you can  use	 wildcards  in
	      the name).
	      The same applies if it was a AAAA	request.

	      TTL  is  an optional field which is specified as the last	option
	      in an entry in the etter.dns file. The TTL  is  specified	 in  a
	      number of	seconds	from 0 to 2^31-1 (see RFC 2181). TTL is	speci-
	      fied on a	per-host basis.	If the TTL is not specified for	a par-
	      ticular host, the	default	value is 3600 seconds (1 hour).

	      If  it was a PTR request,	the IP address is searched in the file
	      and the name is returned (except for  those  name	 containing  a
	      wildcard).  For  PTR  requests,  IPv4 or IPv6 addresses are sup-
	      ported.

	      In case of MX request a special reply is crafted.	 The  host  is
	      resolved	with a fake host 'mail.host' and the additional	record
	      contains the IP address of 'mail.host'. The first	 address  that
	      matches  is  returned,  so be careful with the order. The	IP ad-
	      dress for	MX requests can	be a IPv4 or a IPv6 address.

	      If the request was a WINS	request, the name is searched  in  the
	      file and the IP address is returned.

	      In  case of SRV request, a special reply is crafted. The host is
	      resolved with a fake host	'srv.host' and the  additional	record
	      contains	the  IP	 address of 'srv.host'.	The IP address for SRV
	      requests can be a	IPv4 or	a IPv6 address.

	      In case of a TXT request,	the string defined is being  returned.
	      The string has to	be wrapped in double quotes. Wildcards for the
	      requested	name can also be used.

	      A	 special  reply	 can be	spoofed	for A or AAAA requests,	if the
	      'undefined address' is specified as the IP address in the	 file.
	      Then  the	client gets a response which stops resolution process-
	      ing immediately. This way	one can	control	which  address	family
	      is being used to access a	dual-stacked host.

	      In  the  case of an ANY request, all matching results of type A,
	      AAAA, MX and TXT are returned in the reply.  If  the  'undefined
	      address'	for  A or AAAA records is defined, nothing is returned
	      for these	types whether or not the name matches.

       mdns_spoof

	      This plugin does the same	 as  the  dns_spoof  plugin  described
	      above,  despite that it listens for mDNS (Multicast DNS) queries
	      on UDP port 5353.	 To choose to which address the	 plugin	 shall
	      reply,  you have to modify a diffent file	called etter.mdns. Due
	      to the nature of mDNS, the plugin	intercepts only	A,  AAAA,  PTR
	      and SRV requests.

	      The way the mdns_spoof plugin interprets the etter.mdns file and
	      the  rules that apply are	the same as with the dns_spoof plugin,
	      although currently the mdns_spoof	plugin lacks support for  cus-
	      tom TTL. The TTL for all spoofed mDNS replies is 3600 seconds (1
	      hour).

       dos_attack

	      This plugin runs a d.o.s.	attack against a victim	IP address. It
	      first  "scans"  the  victim  to  find open ports,	then starts to
	      flood these ports	with SYN packets, using	a "phantom" address as
	      source IP. Then it uses fake ARP replies	to  intercept  packets
	      for  the phantom host. When it receives SYN-ACK from the victim,
	      it replies with an ACK packet creating  an  ESTABLISHED  connec-
	      tion.   You have to use a	free IP	address	in your	subnet to cre-
	      ate the "phantom"	host (you can use find_ip for  this  purpose).
	      You can't	run this plugin	in unoffensive mode.
	      This   plugin  is	 based	on  the	 original  Naptha  DoS	attack
	      (http://razor.bindview.com/publish/advisories/adv_NAPTHA.html)

	      example :

	      ettercap -TQP dos_attack

       dummy

	      Only a template to demonstrate how to write a plugin.

       find_conn

	      Very simple plugin that listens for ARP requests to show you all
	      the targets an host wants	to talk	to. It can also	help you find-
	      ing addresses in an unknown LAN.

	      example :

	      ettercap -TQzP find_conn

	      ettercap -TQu -i eth0 -P find_conn

       find_ettercap

	      Try to identify ettercap packets sent on the LAN.	 It  could  be
	      useful to	detect if someone is using ettercap. Do	not rely on it
	      100% since the tests are only on particular sequence/identifica-
	      tion numbers.

       find_ip

	      Find  the	 first unused IP address in the	range specified	by the
	      user in the target list. Some other plugins (such	as  gre_relay)
	      need  an	unused	IP address of the LAN to create	a "fake" host.
	      It can also be useful to obtain an IP address in an unknown  LAN
	      where  there  is no dhcp server. You can use find_conn to	deter-
	      mine the IP addressing of	the LAN, and then find_ip.   You  have
	      to build host list to use	this plugin so you can't use it	in un-
	      offensive	 mode. If you don't have an IP address for your	inter-
	      face, give it a bogus one	(e.g. if the  LAN  is  192.168.0.0/24,
	      use  10.0.0.1  to	avoid conflicting IP), then launch this	plugin
	      specifying the subnet range.  You	can run	 it  either  from  the
	      command line or from the proper menu.

	      example :

	      ettercap -TQP find_ip //

	      ettercap -TQP find_ip /192.168.0.1-254/

       finger

	      Uses  the	 passive fingerprint capabilities to fingerprint a re-
	      mote host. It does a connect() to	the remote host	to  force  the
	      kernel to	reply to the SYN with a	SYN+ACK	packet.	The reply will
	      be  collected  and  the  fingerprint is displayed. The connect()
	      obey to the connect_timeout parameter in etter.conf(5). You  can
	      specify  a target	on command-line	or let the plugin ask the tar-
	      get host to be fingerprinted. You	can also specify multiple tar-
	      get with the usual multi-target specification (see ettercap(8)).
	      if you specify multiple ports, all the ports will	be  tested  on
	      all the IPs.

	      example :

	      ettercap -TzP finger /192.168.0.1/22
	      ettercap -TzP finger /192.168.0.1-50/22,23,25

       finger_submit

	      Use this plugin to submit	a fingerprint to the ettercap website.
	      If  you  found an	unknown	fingerprint, but you know for sure the
	      operating	system of the target, you can submit it	so it will  be
	      inserted	in  the	database in the	next ettercap release. We need
	      your help	to increase the	passive	 fingerprint  database.	 Thank
	      you very much.

	      example :

	      ettercap -TzP finger_submit

       fraggle_attack

	      This  plugin  performs  a	 DoS  attack  because it sends a large
	      amount of	UDP echo and chargen traffic to	all hosts  in  target2
	      with a fake source ip address (victim).

	      example (192.168.0.5 is the victim):

	      ettercap -i eth1 -Tq /192.168.0.5/ // -P fraggle_attack

       gre_relay

	      This  plugin can be used to sniff	GRE-redirected remote traffic.
	      The basic	idea is	to create a GRE	 tunnel	 that  sends  all  the
	      traffic  on a router interface to	the ettercap machine. The plu-
	      gin will send back the GRE packets to the	router,	after ettercap
	      "manipulation" (you can use "active" plugins such	 as  smb_down,
	      ssh  decryption, filters,	etc... on redirected traffic) It needs
	      a	"fake" host where the traffic has  to  be  redirected  to  (to
	      avoid kernel's responses). The "fake" IP will be the tunnel end-
	      point.   Gre_relay  plugin will impersonate the "fake" host.  To
	      find an unused IP	address	 for  the  "fake"  host	 you  can  use
	      find_ip  plugin.	Based on the original Tunnelx technique	by An-
	      thony    C.    Zboralski	   (http://www.phrack.org/archives/is-
	      sues/56/10.txt).

       gw_discover

	      This  plugin  try	 to discover the gateway of the	lan by sending
	      TCP SYN packets to a remote host.	The packet has the destination
	      IP of a remote host and the destination mac address of  a	 local
	      host.  If	 ettercap  receives the	SYN+ACK	packet,	the host which
	      own the source mac address of the	reply is the gatway.  This op-
	      eration is repeated for each host	in the	'host  list',  so  you
	      need to have a valid host	list before launching this plugin.

	      example :

	      ettercap -TP gw_discover /192.168.0.1-50/

       isolate

	      The  isolate  plugin  will isolate an host form the LAN. It will
	      poison the victim's arp cache with its own mac  address  associ-
	      ated  with  all  the host	it tries to contact. This way the host
	      will not be able to contact other	hosts because the packet  will
	      never reach the wire.
	      You can specify all the host or only a group. the	targets	speci-
	      fication	work this way: the target1 is the victim and must be a
	      single host, the target2 can be a	range of addresses and	repre-
	      sent the hosts that will be blocked to the victim.

	      examples :

	      ettercap -TzqP isolate /192.168.0.1/ //
	      ettercap -TP isolate /192.168.0.1/ /192.168.0.2-30/

       krb5_downgrade

	      It downgrades Kerberos V5	security by modifying the etype	values
	      in  client AS-REQ	packets. This way, obtained hashes can be eas-
	      ily cracked by John the Ripper (JtR). You	 have  to  be  in  the
	      "middle"	of the connection to successfully use it. It hooks the
	      kerberos dissector, so you have to keep it active.

       link_type

	      It performs a check of the link type (hub	or switch) by  sending
	      a	 spoofed  ARP  request	and listening for replies. It needs at
	      least one	entry in the host list to perform the check. With  two
	      or more hosts the	test will be more accurate.

	      example :

	      ettercap -TQP link_type /192.168.0.1/
	      ettercap -TQP link_type //

       pptp_chapms1

	      It  forces the pptp tunnel to negotiate MS-CHAPv1	authentication
	      instead of MS-CHAPv2, that is usually easier to crack (for exam-
	      ple with LC4).  You have to be in	the "middle" of	the connection
	      to use it	successfully.  It hooks	the ppp	dissector, so you have
	      to keep them active.

       pptp_clear

	      Forces no	compression/encryption for pptp	tunnels	during negoti-
	      ation.  It could fail if client (or the server) is configured to
	      hang off the tunnel if no	encryption is negotiated.  You have to
	      be in the	"middle" of the	connection to use it successfully.  It
	      hooks the	ppp dissector, so you have to keep them	active.

       pptp_pap

	      It forces	the pptp tunnel	to negotiate PAP (cleartext) authenti-
	      cation.  It could	fail if	PAP is not  supported,	if  pap_secret
	      file  is	missing,  or  in  case windows is configured with "au-
	      thomatic use of domain account". (It could fail for  many	 other
	      reasons  too).  You have to be in	the "middle" of	the connection
	      to use it	successfully.  It hooks	the ppp	dissector, so you have
	      to keep them active.

       pptp_reneg

	      Forces re-negotiation on an existing pptp	tunnel.	 You can force
	      re-negotiation for grabbing passwords already sent.  Furthermore
	      you can launch it	to use pptp_pap, pptp_chapms1 or pptp_clear on
	      existing tunnels (those plugins  work  only  during  negotiation
	      phase).  You have	to be in the "middle" of the connection	to use
	      it  successfully.	  It  hooks  the ppp dissector,	so you have to
	      keep them	active.

       rand_flood

	      Floods the LAN with random MAC  addresses.  Some	switches  will
	      fail  open  in  repeating	mode, facilitating sniffing. The delay
	      between each packet is based on the port_steal_send_delay	 value
	      in etter.conf.
	      It is useful only	on ethernet switches.

	      example :

	      ettercap -TP rand_flood

       remote_browser

	      It  sends	to the browser the URLs	sniffed	thru HTTP sessions. So
	      you are able to see the webpages in real time. The command  exe-
	      cuted is configurable in the etter.conf(5) file. It sends	to the
	      browser  only  the  GET requests and only	for webpages, ignoring
	      single request to	images or other	amenities.  Don't  use	it  to
	      view your	own connection :)

       reply_arp

	      Simple  arp  responder.  When it intercepts an arp request for a
	      host in the targets' lists, it replies with attacker's  MAC  ad-
	      dress.

	      example :

	      ettercap -TQzP reply_arp /192.168.0.1/
	      ettercap -TQzP reply_arp //

       repoison_arp

	      It  solicits  poisoning packets after broadcast ARP requests (or
	      replies) from a posioned host.  For example:  we	are  poisoning
	      Group1  impersonating  Host2. If Host2 makes a broadcast ARP re-
	      quest for	Host3, it is possible that Group1 caches the right MAC
	      address for Host2	contained in the ARP packet. This  plugin  re-
	      poisons Group1 cache immediately after a legal broadcast ARP re-
	      quest (or	reply).
	      This plugin is effective only during an arp-posioning session.
	      In conjunction with the reply_arp	plugin,	repoison_arp is	a good
	      support for the standard arp-poisoning mitm method.

	      example :

	      ettercap	-T  -M	arp:remote  -P	repoison_arp /192.168.0.10-20/
	      /192.168.0.1/

       scan_poisoner

	      Check if someone is poisoning between some host in the list  and
	      us.   First  of  all it checks if	two hosts in the list have the
	      same mac address.	 It could mean that one	of those is  poisoning
	      us  pretending  to  be the other.	 It could generate many	false-
	      positives	in a proxy-arp environment.  You have to  build	 hosts
	      list  to	perform	 this  check.	After that, it sends icmp echo
	      packets to each host in the list and checks if  the  source  mac
	      address  of the reply differs from the address we	have stored in
	      the list for that	ip.  It	could mean that	someone	 is  poisoning
	      that  host pretending to have our	ip address and forwards	inter-
	      cepted packets to	us.  You can't perform this active test	in un-
	      offensive	mode.

	      example :

	      ettercap -TQP scan_poisoner //

       search_promisc

	      It tries to find if anyone is sniffing in	promisc	mode. It sends
	      two different kinds of malformed arp request to each  target  in
	      the host list and	waits for replies. If a	reply arrives from the
	      target host, it's	more or	less probable that this	target has the
	      NIC in promisc mode. It could generate false-positives.  You can
	      launch  it either	from the command line or from the plugin menu.
	      Since it listens for arp replies it is better that you don't use
	      it while sending arp request.

	      example :

	      ettercap -TQP search_promisc /192.168.0.1/
	      ettercap -TQP search_promisc //

       smb_clear

	      It forces	the client to send smb password	in clear-text by  man-
	      gling  protocol  negotiation.  You have to be in the "middle" of
	      the connection to	successfully use it. It	hooks the smb  dissec-
	      tor,  so	you  have  to keep it active.  If you use it against a
	      windows client it	will probably result in	 a  failure.   Try  it
	      against a	*nix smbclient :)

       smb_down

	      It  forces the client to not to use NTLM2	password exchange dur-
	      ing smb authentication. This way,	obtained hashes	can be	easily
	      cracked  by  LC4.	 You have to be	in the "middle"	of the connec-
	      tion to successfully use it.  It hooks the smb dissector,	so you
	      have to keep it active.

       smurf_attack

	      The Smurf	Attack is a DoS	attack in which	huge numbers  of  ICMP
	      packets with the intended	victim(s) IP(s)	in target1 are sent to
	      the  hosts  in  target2. This causes all hosts on	the target2 to
	      reply to the ICMP	request, causing significant  traffic  to  the
	      victim's computer(s).

	      example (192.168.0.5 is the victim):

	      ettercap -i eth1 -Tq /192.168.0.5/ // -P fraggle_attack

       sslstrip

	      While  performing	 the SSL mitm attack, ettercap substitutes the
	      real ssl certificate with	its own.  The fake certificate is cre-
	      ated on the fly and all the fields are filled according  to  the
	      real cert	presented by the  server. Only the  issuer is modified
	      and signed with the private key contained	in the 'etter.ssl.crt'
	      file.   If  you  want to use a different private key you have to
	      regenerate this file. To regenerate the cert file	use  the  fol-
	      lowing commands:

	      openssl genrsa -out etter.ssl.crt	1024
	      openssl req -new -key etter.ssl.crt -out tmp.csr
	      openssl  x509 -req -days 1825 -in	tmp.csr	-signkey etter.ssl.crt
	      -out tmp.new
	      cat tmp.new >> etter.ssl.crt
	      rm -f tmp.new tmp.csr

	      NOTE: SSL	mitm is	not available (for now)	in bridged mode.

	      NOTE: You	can use	the --certificate/--private-key	 long  options
	      if  you  want  to	 specify a different file rather  than the et-
	      ter.ssl.crt file.

       stp_mangler

	      It sends spanning	tree BPDUs pretending to be a switch with  the
	      highest  priority.  Once in the "root" of	the spanning tree, et-
	      tercap can receive all the "unmanaged" network traffic.
	      It is useful only	against	a group	of switches running STP.
	      If there is another switch with the  highest  priority,  try  to
	      manually decrease	your MAC address before	running	it.

	      example :

	      ettercap -TP stp_mangler

ORIGINAL AUTHORS
       Alberto Ornaghi (ALoR) <alor@users.sf.net>
       Marco Valleri (NaGA) <naga@antifork.org>

PROJECT	STEWARDS
       Emilio Escobar (exfil)  <eescobar@gmail.com>
       Eric Milam (Brav0Hax)  <jbrav.hax@gmail.com>

OFFICIAL DEVELOPERS
       Mike Ryan (justfalter)  <falter@gmail.com>
       Gianfranco Costamagna (LocutusOfBorg)  <costamagnagianfranco@yahoo.it>
       Antonio Collarino (sniper)  <anto.collarino@gmail.com>
       Ryan Linn   <sussuro@happypacket.net>
       Jacob Baines   <baines.jacob@gmail.com>

CONTRIBUTORS
       Dhiru Kholia (kholia)  <dhiru@openwall.com>
       Alexander Koeppe	(koeppea)  <format_c@online.de>
       Martin Bos (PureHate)  <purehate@backtrack.com>
       Enrique Sanchez
       Gisle Vanem  <giva@bgnett.no>
       Johannes	Bauer  <JohannesBauer@gmx.de>
       Daten (Bryan Schneiders)	 <daten@dnetc.org>

SEE ALSO
       ettercap(8) ettercap_curses(8) etterlog(8) etterfilter(8) etter.conf(5)
       ettercap-pkexec(8)

ettercap 0.8.3.1					   ETTERCAP-PLUGINS(8)

---

NAME | DESCRIPTION | ORIGINAL AUTHORS | PROJECT STEWARDS | OFFICIAL DEVELOPERS | CONTRIBUTORS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ettercap_plugins&sektion=8&manpath=FreeBSD+Ports+15.0>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact