getbetterat.work
DOC: SEC-042

Network Security Audit

How Ettercap Listens to Your Network

Imagine passing a secret note in class. What if the person in the middle reads the note, changes a word, and then passes it along? You would never know. This is exactly what Ettercap does to computers.

Where Does This Happen?

The Local Network (LAN)

Ettercap only works on a "Local Network." Think of a local network like a single room in a house. Everyone in that room is connected to the same Wi-Fi box (router).

  • Your home Wi-Fi
  • A coffee shop Wi-Fi
  • An office building network

It cannot attack a computer across the world. The attacker must be in the same "room" (network) as you.

The "Man in the Middle"

Normally, your computer talks directly to the internet router. Ettercap tricks both your computer and the router into thinking it is the other one.

Your Computer (Sends Data)  -->  Ettercap (The Spy)  -->  The Router (To Internet)

Two Ways to Attack

Passive Attack

The tool just sits and listens. It does not touch the data. It is like a spy sitting on a park bench listening to you talk on the phone.

Goal: Read passwords and secret data as they float by in the air.

Active Attack

The tool grabs the data, changes it, and then sends it. It is like intercepting a letter, rewriting it, and putting it back in the mail.

Goal: Break secure connections or send the user to a fake website.

Packet Sniffing Explained

When you send a message online, it does not go as one big piece. It is chopped up into tiny envelopes called packets. Ettercap opens these envelopes as they fly through the air.

--- ENVELOPE (PACKET) CAPTURED ---
FROM: 192.168.1.5 (Your Computer)
TO: Website Login Page
TYPE: Plain Text (No lock)
INSIDE THE ENVELOPE: Username: admin | Password: supersecret123

Catching Passwords

If a website is not safe (it does not use a padlock or HTTPS), your password is sent in plain, readable text. Because Ettercap is standing in the middle of your connection, it sees the password exactly as you typed it.

This is why you should never log into your bank on free airport Wi-Fi!

Changing the Rules (Modification)

Because Ettercap holds your data before it reaches the internet, it can change things.

Filter Data

It can block certain words or websites from loading.

Replace Text

It can change images on a webpage to something else.

Fake Websites

It can send you to a fake login page to steal details.

Why is this tool legal?

Ettercap is a tool. Like a hammer, it can build a house or break a window.

Security professionals (the good guys) use it to test their own networks. By pretending to be the bad guy, they can find weak spots in their Wi-Fi and fix them before a real criminal attacks. This is called Demonstrating Vulnerabilities.

The "Fake ID" Trick (ARP Spoofing)

Every computer has a unique name tag. Ettercap shouts to the whole network, "Hey, I am the internet router! Here is my name tag!" Your computer believes it without checking, giving the attacker your data.

REAL ROUTER ID (Safe & Verified)
  Name: Default Gateway
  Tag: AA:BB:CC:11:22:33

FAKE ROUTER ID (Ettercap Disguise)
  Name: Default Gateway
  Tag: XX:YY:ZZ:99:88:77

The Contact Book Trick (DNS Spoofing)

When you type a website name, your computer looks up its number in a digital phone book. Ettercap can hand your computer a fake phone book and send you to a fake website instead.

You Type      Real Number     Ettercap Fake Number
mybank.com    198.51.100.1    10.0.0.99 (Hacker)
email.com     203.0.113.5     10.0.0.99 (Hacker)
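
A defender can check for a fake phone book by comparing the answers a device receives with answers it already trusts. The sketch below is an added example, not part of the original page or of Ettercap; the known-good list, the sample answers and the function names are assumptions built from the table above.

```python
import ipaddress

# Home/office-only address ranges (RFC 1918); a public site should not live here.
LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Known-good answers from the "Real Number" column on this page, assumed to
# have been looked up earlier over a connection you trust.
KNOWN_GOOD = {"mybank.com": {"198.51.100.1"}, "email.com": {"203.0.113.5"}}

# Constructed sample of answers received on the untrusted network.
RECEIVED = [
    ("mybank.com", "10.0.0.99"),
    ("email.com", "10.0.0.99"),
    ("email.com.", "203.0.113.5"),
]


def check_answer(name, answer, known_good=KNOWN_GOOD):
    """Return the reasons this DNS answer looks spoofed (empty list = fine)."""
    reasons = []
    ip = ipaddress.ip_address(answer)
    if any(ip in net for net in LAN_RANGES):
        reasons.append("public name points at a local-network address")
    expected = known_good.get(name.lower().rstrip("."))
    if expected is not None and answer not in expected:
        reasons.append("answer is not in the known-good list")
    return reasons


def audit(received):
    """Return (suspicious answers with reasons, addresses shared by several names)."""
    suspicious, names_per_ip = {}, {}
    for name, answer in received:
        reasons = check_answer(name, answer)
        if reasons:
            suspicious[(name, answer)] = reasons
            names_per_ip.setdefault(answer, set()).add(name.lower().rstrip("."))
    # Several unrelated names sent to one address is a strong spoofing sign.
    shared = sorted(ip for ip, names in names_per_ip.items() if len(names) > 1)
    return suspicious, shared


if __name__ == "__main__":
    flagged, shared = audit(RECEIVED)
    for (name, answer), reasons in flagged.items():
        print(name, answer, reasons)
    print("addresses shared by several names:", shared)
```

Real websites often answer with several addresses that change over time, so a known-good list works best for a small number of names you care about.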

Breaking the Padlock (SSL Stripping)

Secure websites use a padlock (HTTPS) to scramble your data. Ettercap tries to block the padlock from working, forcing the website to load in standard, unsafe text (HTTP).

HTTPS (Scrambled Data)  -->  STRIPPED  -->  HTTP (Plain Text, Readable)

What Do Attackers Need?

You do not need a supercomputer to run Ettercap. The tools are shockingly simple and cheap.

A Basic Laptop

Any standard computer from the last 10 years will work perfectly.

Linux System

A free operating system, like Kali Linux, that has the tools built in.

Wi-Fi Adapter

A cheap USB plug that lets the laptop reach far into the network.

The Coffee Shop Danger Zone

Why are coffee shops and airports so dangerous? Because everyone shares the exact same password to join the Wi-Fi.

When you are at home, only your family is allowed in. At a café, the attacker could be the person sitting at the next table, connected to the same network, completely invisible to you.

Your Phone is a Target Too

People often think only computers get hacked. But if your smartphone is connected to the Wi-Fi, Ettercap treats it exactly like a laptop.

Apps send data invisibly!

Many simple weather apps, free games, or news apps do not use safe locks. Ettercap can read the data these apps send out of your phone in the background.

Changing Words Automatically (Filters)

Attackers can write simple code so Ettercap automatically changes words or images on the websites you visit as they load.

# Ettercap Word Replacement Rule
if (website_text contains "Send money to Bob") {
    replace_text_with("Send money to Hacker");
}

How the Good Guys Catch It

Network managers have tools to catch Ettercap. They use a system called "Dynamic ARP Inspection," which is like putting a security guard at the router to check every single ID card.

The Alarm Sounds When:

The security guard sees one computer trying to use two different name tags, or claiming to be the main router. The network instantly blocks that computer and kicks the attacker off.
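
The security guard's ID check, and the "Fake ID" trick it catches, can be written as a few lines of detection logic. This is an added example, not code from the original page or from any switch vendor; the trusted list, the router address 192.168.1.1 and every name tag except the real router's are made-up sample values.

```python
from collections import defaultdict

# Constructed sample of ARP replies: (time, claimed IP, name tag / MAC).
# The router tag is the one shown on this page; every other value is made up.
OBSERVED = [
    ("10:00:05", "192.168.1.1", "AA:BB:CC:11:22:33"),  # real router
    ("10:00:09", "192.168.1.5", "DE:AD:BE:EF:00:05"),  # your computer
    ("10:01:02", "192.168.1.1", "02:00:00:99:88:77"),  # someone claims to be the router
    ("10:01:02", "192.168.1.5", "02:00:00:99:88:77"),  # same tag also claims your IP
    ("10:01:30", "192.168.1.7", "DE:AD:BE:EF:00:07"),  # new device, no binding yet
]

# Trusted IP -> MAC list (assumed; DAI normally builds it from DHCP snooping).
TRUSTED = {
    "192.168.1.1": "aa:bb:cc:11:22:33",
    "192.168.1.5": "de:ad:be:ef:00:05",
}
GATEWAY_IP = "192.168.1.1"  # assumed router address


def inspect(observations, trusted, gateway_ip):
    """Return (alerts, blocked_macs) for a sequence of ARP replies."""
    alerts, blocked = [], set()
    ips_claimed = defaultdict(set)  # MAC -> every IP it has claimed so far
    for when, ip, mac in observations:
        mac = mac.lower()
        expected = trusted.get(ip)
        if expected is not None and mac != expected:
            # The guard's ID check: the tag does not match the trusted list.
            reason = "claims-to-be-router" if ip == gateway_ip else "wrong-tag-for-ip"
            alerts.append((when, reason, ip, mac))
            blocked.add(mac)
        seen = ips_claimed[mac]
        if ip not in seen:
            seen.add(ip)
            if len(seen) == 2:
                # Alert once, when one tag starts answering for a second address.
                alerts.append((when, "one-tag-many-ips", ip, mac))
                blocked.add(mac)
    return alerts, blocked


if __name__ == "__main__":
    alerts, blocked = inspect(OBSERVED, TRUSTED, GATEWAY_IP)
    for alert in alerts:
        print(*alert)
    print("blocked:", sorted(blocked))
```

The new device at 192.168.1.7 raises no alert here because it has no entry in the trusted list; a strict setup would refuse devices without a binding.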

Timeline of a Stolen Password

Here is exactly how fast an attack happens when you sit down at an unsafe location.

10:00 AM

You sit down and connect to "Cafe_Free_WiFi".

10:01 AM

The attacker turns on Ettercap. It tricks your computer into sending all data directly to them instead of the router.

10:03 AM

You log into a website without a padlock. The attacker instantly sees your password on their screen in plain text.

Your Daily Safety Checklist

How to Protect Yourself

You cannot always stop someone from using Ettercap on a public network, but you can make the data they steal useless to them.

Simple Word List

Sniffing: Listening to computer traffic that is not yours.
Vulnerability: A weakness or hole in computer security.
Credential Capture: Stealing usernames and passwords.
Mitigation: Fixing the problem so it cannot happen again.