openbsd-ports/net/ettercap/pkg/DESCR

Ettercap is a multipurpose sniffer/interceptor/logger for switched
LAN.  It supports active and passive dissection of many protocols
(even ciphered ones) and includes many features for network and host
analysis. 

It's possible to sniff in four modes.

+ IP Based, the packets are filtered on IP source and destination
+ MAC Based, packets filtered on mac address, useful to sniff
  connections through gateway
+ ARP based, uses arp poisoning to sniff in switched lan between
  two hosts (full-duplex).
+ PublicARP based, uses arp poisoning to sniff in switched LAN
  from a victim host to all other hosts (half-duplex). 
          
Cool Features:

* Characters injection in an established connection:
  you can inject character to server (emulating commands) or to
  client (emulating replies) maintaining the connection alive !!
* SSH1 support:
  you can sniff User and Pass, and even the data of an SSH1
  connection. ettercap is the first software capable to sniff an
  SSH connection in FULL-DUPLEX
* Plug-ins support:
  You can create your own plugin using the ettercap's API.
* Password collector for:
  TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP
  (other protocols coming soon...) 
* OS fingerprint:
  you can fingerprint the OS of the victim host and even its
  network adapter 
* Kill a connection:
  from the connections list you can kill all the connections you
  want.
ettercap-0.4.0 - multi-purpose sniffer/interceptor/logger 2001-04-12 03:58:35 -04:00			`Ettercap is a multipurpose sniffer/interceptor/logger for switched`
			`LAN. It supports active and passive dissection of many protocols`
Update to version 0.6b -- - Plugins now works with GTK+ interface - Updated the passive OS fingerprint database (1279 records) - Fixed internal refreshing (for huge traffic loads) - Fixed wifi-dump support - Fixed some possible buffer overflows 2003-11-01 19:38:32 -05:00			`(even ciphered ones) and includes many features for network and host`
ettercap-0.4.0 - multi-purpose sniffer/interceptor/logger 2001-04-12 03:58:35 -04:00			`analysis.`

			`It's possible to sniff in four modes.`

			`+ IP Based, the packets are filtered on IP source and destination`
			`+ MAC Based, packets filtered on mac address, useful to sniff`
			`connections through gateway`
			`+ ARP based, uses arp poisoning to sniff in switched lan between`
			`two hosts (full-duplex).`
			`+ PublicARP based, uses arp poisoning to sniff in switched LAN`
			`from a victim host to all other hosts (half-duplex).`

			`Cool Features:`

Update to version 0.6.a -- Changes: Now the connections are buffered, so you can view past event data. A new sniffing method (port stealing) was added as a plugin. The SMB dissector and troll plugin were enhanced. Three new plugins, confusion, hunter, and SMB suite, have been added. The demonization problem and the StateMachine timeout session handling problem were fixed. Also enable gtk support (which was experimental in the last version), adding of no_x11 FLAVOR, although with gtk enabled you also have the ncurses interface available. 2003-05-13 04:57:47 -04:00			`* Characters injection in an established connection:`
ettercap-0.4.0 - multi-purpose sniffer/interceptor/logger 2001-04-12 03:58:35 -04:00			`you can inject character to server (emulating commands) or to`
			`client (emulating replies) maintaining the connection alive !!`
Update to version 0.6.a -- Changes: Now the connections are buffered, so you can view past event data. A new sniffing method (port stealing) was added as a plugin. The SMB dissector and troll plugin were enhanced. Three new plugins, confusion, hunter, and SMB suite, have been added. The demonization problem and the StateMachine timeout session handling problem were fixed. Also enable gtk support (which was experimental in the last version), adding of no_x11 FLAVOR, although with gtk enabled you also have the ncurses interface available. 2003-05-13 04:57:47 -04:00			`* SSH1 support:`
ettercap-0.4.0 - multi-purpose sniffer/interceptor/logger 2001-04-12 03:58:35 -04:00			`you can sniff User and Pass, and even the data of an SSH1`
			`connection. ettercap is the first software capable to sniff an`
			`SSH connection in FULL-DUPLEX`
Update to version 0.6.a -- Changes: Now the connections are buffered, so you can view past event data. A new sniffing method (port stealing) was added as a plugin. The SMB dissector and troll plugin were enhanced. Three new plugins, confusion, hunter, and SMB suite, have been added. The demonization problem and the StateMachine timeout session handling problem were fixed. Also enable gtk support (which was experimental in the last version), adding of no_x11 FLAVOR, although with gtk enabled you also have the ncurses interface available. 2003-05-13 04:57:47 -04:00			`* Plug-ins support:`
ettercap-0.4.0 - multi-purpose sniffer/interceptor/logger 2001-04-12 03:58:35 -04:00			`You can create your own plugin using the ettercap's API.`
Update to version 0.6.a -- Changes: Now the connections are buffered, so you can view past event data. A new sniffing method (port stealing) was added as a plugin. The SMB dissector and troll plugin were enhanced. Three new plugins, confusion, hunter, and SMB suite, have been added. The demonization problem and the StateMachine timeout session handling problem were fixed. Also enable gtk support (which was experimental in the last version), adding of no_x11 FLAVOR, although with gtk enabled you also have the ncurses interface available. 2003-05-13 04:57:47 -04:00			`* Password collector for:`
ettercap-0.4.0 - multi-purpose sniffer/interceptor/logger 2001-04-12 03:58:35 -04:00			`TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP`
			`(other protocols coming soon...)`
Update to version 0.6.a -- Changes: Now the connections are buffered, so you can view past event data. A new sniffing method (port stealing) was added as a plugin. The SMB dissector and troll plugin were enhanced. Three new plugins, confusion, hunter, and SMB suite, have been added. The demonization problem and the StateMachine timeout session handling problem were fixed. Also enable gtk support (which was experimental in the last version), adding of no_x11 FLAVOR, although with gtk enabled you also have the ncurses interface available. 2003-05-13 04:57:47 -04:00			`* OS fingerprint:`
ettercap-0.4.0 - multi-purpose sniffer/interceptor/logger 2001-04-12 03:58:35 -04:00			`you can fingerprint the OS of the victim host and even its`
			`network adapter`
Update to version 0.6.a -- Changes: Now the connections are buffered, so you can view past event data. A new sniffing method (port stealing) was added as a plugin. The SMB dissector and troll plugin were enhanced. Three new plugins, confusion, hunter, and SMB suite, have been added. The demonization problem and the StateMachine timeout session handling problem were fixed. Also enable gtk support (which was experimental in the last version), adding of no_x11 FLAVOR, although with gtk enabled you also have the ncurses interface available. 2003-05-13 04:57:47 -04:00			`* Kill a connection:`
			`from the connections list you can kill all the connections you`
			`want.`