macOS
brew install ettercaplocal Homebrew formula metadata
sudo port install ettercapMacPorts ports tree · net/ettercap/Portfile · Quelle: api.github.com
brew
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für ettercap in AI-Agent-Workflows.
Installation
brew install ettercaplocal Homebrew formula metadata
sudo port install ettercapMacPorts ports tree · net/ettercap/Portfile · Quelle: api.github.com
sudo apk add ettercapAlpine Linux edge package indexes · ettercap · Quelle: dl-cdn.alpinelinux.org
sudo dnf install ettercapFedora Rawhide package metadata · ettercap · Quelle: dl.fedoraproject.org
nix profile install nixpkgs#ettercapnixpkgs package indexes · pkgs/by-name/et/ettercap/package.nix · Quelle: api.github.com
sudo pacman -S ettercapArch Linux sync databases · ettercap · Quelle: geo.mirror.pkgbuild.com
sudo apt install ettercap-commonDebian stable package indexes · ettercap-common · Quelle: deb.debian.org
Überblick
Multipurpose sniffer/interceptor/logger for switched LAN
Verlauf
Ettercap is a long-running open-source network security suite for man-in-the-middle work on local networks. Its command-line package provides sniffing, interception, packet filtering, logging, protocol dissection, and host/network analysis tools for switched LAN environments.
Ettercap dates to the early 2000s; the current GitHub README identifies the project copyright as 2001-current by the Ettercap development team. Early package descriptions framed it as a multipurpose sniffer, interceptor, and logger for switched LANs, a niche that mattered when Ethernet switching made simple hub-style packet sniffing less effective.
The Ettercap-NG generation in the mid-2000s broadened the tool with a modernized interface, plugins, multiple simultaneous MITM attacks, and a more structured core. The official download history shows NG releases in 2004 and 2005, the Lazarus line in 2011 and 2012, the 0.8 series beginning in 2013, and later Garofalo releases continuing maintenance into 2026.
Ettercap became a standard security-lab and penetration-testing package because it combined active and passive protocol dissection with practical MITM mechanisms such as ARP poisoning, bridged sniffing, filtering, and connection logging. Its package metadata across Unix-like systems reflects that role: it is distributed in Homebrew, Debian and Ubuntu, Fedora, Arch, Alpine, MacPorts, Nix, and other security-oriented environments.
The project has remained recognizable because it occupies the space between packet analyzers and attack simulators. Users can capture and analyze traffic like a sniffer, but can also alter or redirect traffic in ways useful for authorized testing of LAN trust assumptions.
The main `ettercap` program is used in text, curses, or graphical modes to discover hosts, select targets, run MITM modules, sniff traffic, and apply filters. Companion commands such as `etterfilter` and `etterlog` support compiling packet filters and inspecting saved logs.
The manual documents practical workflows such as ARP poisoning, bridge-mode interception with two interfaces, pcap-filtered capture, offline analysis from pcap files, and writing captured packets for later inspection with tools such as tcpdump or Wireshark.
Ettercap is package-nerd significant because it is a classic security tool whose build and runtime surface spans libpcap, libnet, OpenSSL, plugin support, terminal UI, optional GTK UI, GeoIP/MaxMind data, and privileged network access. Packaging it correctly means preserving both the text-mode toolchain and the surrounding data/config layout.
It also shows why security packages age differently from ordinary CLIs: release history is full of protocol-support updates, build fixes, memory-safety fixes, and CVE-related maintenance, while the core LAN-testing workflow remains recognizable decades after the first releases.
Sicherheitslage
escape, surveillance, or offensive capability signal.
red Risiko · mittel Konfidenz · escape-surveillance-offensive
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/etter.confExecutables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
ettercap | cli | globales Executable | |
ettercap-pkexec | cli | globales Executable | |
etterfilter | cli | globales Executable | |
etterlog | cli | globales Executable |
Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
https://github.com/Ettercap/ettercap
Installationsmetadaten
| Paketschlüssel | brew:ettercap |
|---|---|
| Version | 0.8.4.1 |
| Paketmanager | Homebrew |
| Paketmanager-Seite | https://formulae.brew.sh/formula/ettercap |
| Homepage | https://ettercap.github.io/ettercap/ |
| Repository | https://github.com/Ettercap/ettercap |
| Upstream-Dokumentation | https://ettercap.github.io/ettercap |
| Lizenz | GPL-2.0-or-later |
| Quellarchiv | https://github.com/Ettercap/ettercap/archive/refs/tags/v0.8.4.1.tar.gz |
| Zuletzt aktualisiert | 2026-06-25T13:37:40+02:00 |
| Pulse | updated |
| Abhängigkeiten | at-spi2-core, cairo, freetype, gdk-pixbuf, glib, gtk+3, libmaxminddb, libnet, ncurses, openssl@3, pango, pcre2 |
| Build-Abhängigkeiten | cmake |
| Von macOS bereitgestellte Bibliotheken | curl, libpcap |
| Bottle | verfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | nicht definiert |
| Dienst | keiner deklariert |
Registry-Fakten
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | ettercap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
Source-Datenbank-Treffer
Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.
ettercap-common 1:0.8.3.1-14
Multipurpose sniffer/interceptor/logger for switched LAN
https://ettercap.github.io/ettercap/
sudo apt install ettercap-commonettercap-graphical 1:0.8.3.1-14
Ettercap GUI-enabled executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-graphicalettercap-text-only 1:0.8.3.1-14
Ettercap console-mode executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-text-onlyettercap
nix profile install nixpkgs#ettercapettercap-common 1:0.8.3.1-13build3
Multipurpose sniffer/interceptor/logger for switched LAN
https://ettercap.github.io/ettercap/
sudo apt install ettercap-commonettercap-graphical 1:0.8.3.1-13build3
Ettercap GUI-enabled executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-graphicalettercap-text-only 1:0.8.3.1-13build3
Ettercap console-mode executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-text-onlyettercap 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN
https://www.ettercap-project.org/
sudo apk add ettercapettercap-doc 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN (documentation)
https://www.ettercap-project.org/
sudo apk add ettercap-doclibettercap 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN (libraries)
https://www.ettercap-project.org/
sudo apk add libettercapettercap 0.8.4.1-1.fc45
Network traffic sniffer/analyser, NCURSES interface version
http://ettercap.sourceforge.net
sudo dnf install ettercapettercap 0.8.4.1-1
Network sniffer/interceptor/logger for ethernet LANs - console
https://www.ettercap-project.org/
sudo pacman -S ettercapettercap-gtk 0.8.4.1-1
Network sniffer/interceptor/logger for ethernet LANs - GTK frontend
https://www.ettercap-project.org/
sudo pacman -S ettercap-gtkettercap
sudo port install ettercapQuellspur
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
View the package source record on GitHub.