Monday (07/27/09)

/dev/ttyp6
18:26:15
$sudo ettercap -T -M arp /192.168.16.4/ /192.168.16.5
                     In  silent mode (-z option) only the first target is selected, if you want to poison mul‐
                     tiple target in silent mode use the -j option to load a list from a file.
                     You can select empty targets and they will be expanded as ’ANY’ (all  the  hosts  in  the
                     LAN).  The  target  list  is joined with the hosts list (created by the arp scan) and the
                     result is used to determine the victims of the attack.
                     The parameter "remote" is optional and you have to specify it if you want to sniff remote
                     ip address poisoning a gateway. Indeed if you specify a victim and the gw in the TARGETS,
                     ettercap will sniff only connection between them, but to enable ettercap to sniff connec‐
[user@debian7:~]$ man ettercap
Переформатирование ettercap(8), подождите...
       -v, --versionill be named LOGFILE.eciassive dns resolution for free... ;).1. "taken back"  his  port,  so
              Print the version and exit.1 304 Not Modified"  becomes: the packets decrypted successfully willocal
       -m, --log-msg <LOGFILE> decoders stack, the others will be skipped with a message.see below)ted TARGET.
       -h, --helpstores in <LOGFILE> all the user messages printed by ettercap. This can be  useful  when  you
              prints the help screen with a short summary of the available options. the messages. Indeed, somecan be a
              dissectors print messages but their information is not stored anywhere, so this is the only  wayRP
       to sniff ALL the traffic BUT the one coming or  going  to  10.0.0.1  you  can  specify  "./ettercap  -R
EXAMPLES      to keep track of them.ot print users and passwords as they are collected. Only store them in the€
       SNIFFING AND ATTACK OPTIONSIMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols
       Here are some examples of using ettercap.ettercap in text only mode but you don’t want  to  be  flooded
       coming soon...)the middle of the cable between two entities. Don’t use it on gateways or it will trans‐
       -c, --compressissectors  messages.  Useful  when  using  plugins because the sniffing process is always€
       ettercap NG has a new unified sniffing method. This implies that ip_forwarding in the kernel is  always
       ettercap -Tpess  the logfile with the gzip algorithm while it is dumped. etterlog(8) is capable of han‐
       disabled and the forwarding is done by ettercap. Every packet with destination mac address equal to the
              dling both compressed and uncompressed log files.on.ecification, use TARGET as always.m  a  mitm
       host’s mac address and destination ip address different for the one bound to the  iface  will  be  for‐
              In  console  mode  (-C  option), standalone plugins are executed and then the application exits.
       warded  by  ettercap.  Before forwarding them, ettercap can content filter, sniff, log or drop them. It
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA the text. A tag is every string between < and >.e traffic in
       does not matter how these packets are hijacked, ettercap will process them. You can even  use  external€
              Stores profiles information belonging only to the LAN hosts.etc/etter.conf.  This is  useful  ifly
       programs to hijack packet.e connections list you can kill all the connections you wantattack. The  cru‐
Listening on eth0... (Ethernet)nger /192.168.0.1/22 different situations.em through the TARGETs if you want to
       You  have  full control of what ettercap should receive. You can use the internal mitm attacks, set the
              NOTE: this option is effective only against the profiles collected in memory.  While logging  to
       interface in promisc mode, use plugins or use every method you want. the initialization phase, the root
  eth0 ->     a 00:16:3E:00:00:07      192.168.16.7     255.255.255.0them, use the related etterlog(8) option.
       privs  are  not  needed  anymore, so ettercap drops them to UID = 65535 (nobody). Since ettercap has to
              inline help)ercap will put the interface in promisc mode to sniff all the traffic on  the  wire.
       IMPORTANT NOTE: if you run ettercap on a gateway, remember to re-enable  the  ip_forwarding  after  you
SSL dissection needs a valid 'redir_command_on' script in the etter.conf fileed.nable the promisc mode.
       have killed ettercap. Since ettercap drops its privileges, it cannot restore the ip_forwarding for you.
Privileges dropped to UID 65534 GID 65534...longing only to remote hosts.arsed by etterlog(8) to extract human
       value of the uid you want to drop the privs to (e.g.  export EC_UID=500) or set the  correct  parameter
              readable data. With this option, all packets sniffed by ettercap will be logged,  together  with
       -M, --mitm <METHOD:ARGS>o sniff an SSH connection in FULL-DUPL