[user@debian7:~]$ man ettercap
Переформатирование ettercap(8), подождите...
ETTERCAP(8)                                                                                        ETTERCAP(8)
NAME
       ettercap NG-0.7.3 - A multipurpose sniffer/content filter for man in the middle attacks
***** IMPORTANT NOTE ******
       Since  ettercap  NG  (formerly 0.7.0), all the options have been changed. Even the target specification
       has been changed. Please read carefully this man page.
SYNOPSIS
       ettercap [OPTIONS] [TARGET1] [TARGET2]
       TARGET is in the form MAC/IPs/PORTs
       where IPs and PORTs can be ranges (e.g. /192.168.0.1-30,40,50/20,22,25)
DESCRIPTION
       Ettercap was born as a sniffer for switched LAN (and obviously even  "hubbed"  ones),  but  during  the
       development  process it has gained more and more features that have changed it to a powerful and flexi‐
       ble tool for man-in-the-middle attacks.  It supports active and passive dissection  of  many  protocols
       (even ciphered ones) and includes many features for network and host analysis (such as OS fingerprint).
       It has two main sniffing options:
       UNIFIED, this method sniffs all the packets that pass on the cable. You can choose to put  or  not  the
       interface  in  promisc  mode  (-p option). The packet not directed to the host running ettercap will be
       forwarded automatically using layer 3 routing. So you can use a mitm attack launched from  a  different
       tool and let ettercap modify the packets and forward them for you.
       The  kernel  ip_forwarding  is always disabled by ettercap. This is done to prevent to forward a packet
       twice (one by ettercap and one by the kernel).  This is an invasive behaviour on gateways. So we recom‐
       mend you to use ettercap on the gateways ONLY with the UNOFFENSIVE MODE ENABLED. Since ettercap listens
       only on one network interface, launching it on the gateway in offensive mode will not allow packets  to
       be rerouted back from the second interface.
 19:09:54 up 32 min,  9 users,  load average: 0,34, 0,15, 0,06
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
user     ttyp0    192.168.16.6     18:42    2:49m  0.10s  0.08s script -f -q /home/user/.lilalo//216364573305597
user     :0       -                18:40   ?xdm?  18.08s  0.10s /usr/bin/fluxbox
user     ttyp2    :0.0             18:40    0.00s  0.07s  0.06s script -f -q /home/user/.lilalo//307032993730586
user     ttyp4    192.168.16.5     18:41    2:44m  0.08s  0.08s script -f -q /home/user/.lilalo//605425115913424
user     ttyp6    :ttyp3:S.0       19:07    0.00s  0.10s  0.10s script -f -q /home/user/.lilalo//78546274143674-
user     ttyp8    192.168.16.4     18:41    2:46m  0.08s  0.08s script -f -q /home/user/.lilalo//186012587970461
user     ttypa    fbsd26.net.nt    18:42    2:40m  0.08s  0.08s script -f -q /home/user/.lilalo//622514810113152
user     ttypc    fbsd25.net.nt    18:42    2:44m  0.07s  0.07s script -f -q /home/user/.lilalo//310322548123064
user     ttype    fbsd24.net.nt    18:42    2:17m  0.09s  0.09s script -f -q /home/user/.lilalo//281902027276482