October 18th, 2004, 06:51 PM
What your experience with Ettercap
I was wondering if some people who have used ettercap could tell me about their experiences.
My main questions are:
Does it work well and did it perform to what you expected?
Is there are danger of corrupting the tables of the switches you are working with. Did you ever have problems with this. From my understanding it plays with the tables as to get the data to flow to out the right port. Perhaps I need some explanation on this too.
I'm familiar with ARP, RARP, and MACs so a basic explanation of who ettercap works the switches is all I would need.
Thanks for reading!
October 18th, 2004, 07:44 PM
Depends on how you're using it, I understand you're thinking about a MitM [Man-in-the-Middle] attack, in that case with ARP poisoning you might run a chance of corrupting something... why not experience on your own LAN? [otherwise it would be illegal eh?]
I only used ettercap as a packet sniffer on localhost for some challenges I did a while back, and for that purpose it was excellent. Never tried MitM with it, though.
October 18th, 2004, 07:45 PM
I used to use it to monitor my irc/bzflag/httpd servers. It worked well. Although as everyone logged in i could read their passwords, which kind of made them nervous