macOS
brew install ettercaplocal Homebrew formula metadata
sudo port install ettercapMacPorts ports tree · net/ettercap/Portfile · source: api.github.com
brew
Multipurpose sniffer/interceptor/logger for switched LAN. Version 0.8.4.1 via Homebrew; verified 2026-06-25.
install
brew install ettercaplocal Homebrew formula metadata
sudo port install ettercapMacPorts ports tree · net/ettercap/Portfile · source: api.github.com
sudo apk add ettercapAlpine Linux edge package indexes · ettercap · source: dl-cdn.alpinelinux.org
sudo apt install ettercap-commonDebian stable package indexes · ettercap-common · source: deb.debian.org
sudo dnf install ettercapFedora Rawhide package metadata · ettercap · source: dl.fedoraproject.org
nix profile install nixpkgs#ettercapnixpkgs package indexes · pkgs/by-name/et/ettercap/package.nix · source: api.github.com
sudo pacman -S ettercapArch Linux sync databases · ettercap · source: geo.mirror.pkgbuild.com
overview
Multipurpose sniffer/interceptor/logger for switched LAN
history
Ettercap is a long-running open-source network security suite for man-in-the-middle work on local networks. Its command-line package provides sniffing, interception, packet filtering, logging, protocol dissection, and host/network analysis tools for switched LAN environments.
Ettercap dates to the early 2000s; the current GitHub README identifies the project copyright as 2001-current by the Ettercap development team. Early package descriptions framed it as a multipurpose sniffer, interceptor, and logger for switched LANs, a niche that mattered when Ethernet switching made simple hub-style packet sniffing less effective.
The Ettercap-NG generation in the mid-2000s broadened the tool with a modernized interface, plugins, multiple simultaneous MITM attacks, and a more structured core. The official download history shows NG releases in 2004 and 2005, the Lazarus line in 2011 and 2012, the 0.8 series beginning in 2013, and later Garofalo releases continuing maintenance into 2026.
Ettercap became a standard security-lab and penetration-testing package because it combined active and passive protocol dissection with practical MITM mechanisms such as ARP poisoning, bridged sniffing, filtering, and connection logging. Its package metadata across Unix-like systems reflects that role: it is distributed in Homebrew, Debian and Ubuntu, Fedora, Arch, Alpine, MacPorts, Nix, and other security-oriented environments.
The project has remained recognizable because it occupies the space between packet analyzers and attack simulators. Users can capture and analyze traffic like a sniffer, but can also alter or redirect traffic in ways useful for authorized testing of LAN trust assumptions.
The main `ettercap` program is used in text, curses, or graphical modes to discover hosts, select targets, run MITM modules, sniff traffic, and apply filters. Companion commands such as `etterfilter` and `etterlog` support compiling packet filters and inspecting saved logs.
The manual documents practical workflows such as ARP poisoning, bridge-mode interception with two interfaces, pcap-filtered capture, offline analysis from pcap files, and writing captured packets for later inspection with tools such as tcpdump or Wireshark.
Ettercap is package-nerd significant because it is a classic security tool whose build and runtime surface spans libpcap, libnet, OpenSSL, plugin support, terminal UI, optional GTK UI, GeoIP/MaxMind data, and privileged network access. Packaging it correctly means preserving both the text-mode toolchain and the surrounding data/config layout.
It also shows why security packages age differently from ordinary CLIs: release history is full of protocol-support updates, build fixes, memory-safety fixes, and CVE-related maintenance, while the core LAN-testing workflow remains recognizable decades after the first releases.
security posture
escape, surveillance, or offensive capability signal.
red risk · medium confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/etter.confexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
ettercap | cli | global executable | |
ettercap-pkexec | cli | global executable | |
etterfilter | cli | global executable | |
etterlog | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/Ettercap/ettercap
install metadata
| Package key | brew:ettercap |
|---|---|
| Version | 0.8.4.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/ettercap |
| Homepage | https://ettercap.github.io/ettercap/ |
| Repository | https://github.com/Ettercap/ettercap |
| Upstream docs | https://ettercap.github.io/ettercap |
| License | GPL-2.0-or-later |
| Source archive | https://github.com/Ettercap/ettercap/archive/refs/tags/v0.8.4.1.tar.gz |
| Last updated | 2026-06-25T13:37:40+02:00 |
| Pulse | updated |
| Dependencies | at-spi2-core, cairo, freetype, gdk-pixbuf, glib, gtk+3, libmaxminddb, libnet, ncurses, openssl@3, pango, pcre2 |
| Build dependencies | cmake |
| Uses from macOS | curl, libpcap |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | ettercap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
ettercap-common 1:0.8.3.1-14
Multipurpose sniffer/interceptor/logger for switched LAN
https://ettercap.github.io/ettercap/
sudo apt install ettercap-commonettercap-graphical 1:0.8.3.1-14
Ettercap GUI-enabled executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-graphicalettercap-text-only 1:0.8.3.1-14
Ettercap console-mode executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-text-onlyettercap
nix profile install nixpkgs#ettercapettercap-common 1:0.8.3.1-13build3
Multipurpose sniffer/interceptor/logger for switched LAN
https://ettercap.github.io/ettercap/
sudo apt install ettercap-commonettercap-graphical 1:0.8.3.1-13build3
Ettercap GUI-enabled executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-graphicalettercap-text-only 1:0.8.3.1-13build3
Ettercap console-mode executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-text-onlyettercap 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN
https://www.ettercap-project.org/
sudo apk add ettercapettercap-doc 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN (documentation)
https://www.ettercap-project.org/
sudo apk add ettercap-doclibettercap 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN (libraries)
https://www.ettercap-project.org/
sudo apk add libettercapettercap 0.8.4.1-1.fc45
Network traffic sniffer/analyser, NCURSES interface version
http://ettercap.sourceforge.net
sudo dnf install ettercapettercap 0.8.4.1-1
Network sniffer/interceptor/logger for ethernet LANs - console
https://www.ettercap-project.org/
sudo pacman -S ettercapettercap-gtk 0.8.4.1-1
Network sniffer/interceptor/logger for ethernet LANs - GTK frontend
https://www.ettercap-project.org/
sudo pacman -S ettercap-gtkettercap
sudo port install ettercapsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.