Chapter 2. Developing Dissectors and Plug-ins for the Ettercap Network Sniffer
Ettercap is a network analyzer that is free and open source. Advanced
features such as ARP poisoning, packet filtering, and OS fingerprinting,
along with support for password dissectors and plug-ins, make Ettercap a
powerful tool and a favorite among many network administrators. Ettercap
has been known to compile on various Unix and Linux flavors, and has been
successfully ported to run on Microsoft Windows operating systems.

This chapter introduces the concept of writing dissectors and
plug-ins for Ettercap. Dissectors allow you to grab important
information, such as usernames and passwords, that is transmitted
over a network. For the purposes of understanding how to write a
dissector, we will step through a dissector that captures and
displays FTP usernames and passwords. Then, to demonstrate how to
write an Ettercap plug-in, we will step through a plug-in that alerts
the user when one host on the network attempts to establish a new TCP
connection with another host.