macOS
brew install ettercaplocal Homebrew formula metadata
sudo port install ettercapMacPorts ports tree · net/ettercap/Portfile · 来源: api.github.com
安装
brew install ettercaplocal Homebrew formula metadata
sudo port install ettercapMacPorts ports tree · net/ettercap/Portfile · 来源: api.github.com
sudo apk add ettercapAlpine Linux edge package indexes · ettercap · 来源: dl-cdn.alpinelinux.org
sudo dnf install ettercapFedora Rawhide package metadata · ettercap · 来源: dl.fedoraproject.org
nix profile install nixpkgs#ettercapnixpkgs package indexes · pkgs/by-name/et/ettercap/package.nix · 来源: api.github.com
sudo pacman -S ettercapArch Linux sync databases · ettercap · 来源: geo.mirror.pkgbuild.com
sudo apt install ettercap-commonDebian stable package indexes · ettercap-common · 来源: deb.debian.org
概览
Multipurpose sniffer/interceptor/logger for switched LAN
历史
Ettercap is a long-running open-source network security suite for man-in-the-middle work on local networks. Its command-line package provides sniffing, interception, packet filtering, logging, protocol dissection, and host/network analysis tools for switched LAN environments.
Ettercap dates to the early 2000s; the current GitHub README identifies the project copyright as 2001-current by the Ettercap development team. Early package descriptions framed it as a multipurpose sniffer, interceptor, and logger for switched LANs, a niche that mattered when Ethernet switching made simple hub-style packet sniffing less effective.
The Ettercap-NG generation in the mid-2000s broadened the tool with a modernized interface, plugins, multiple simultaneous MITM attacks, and a more structured core. The official download history shows NG releases in 2004 and 2005, the Lazarus line in 2011 and 2012, the 0.8 series beginning in 2013, and later Garofalo releases continuing maintenance into 2026.
Ettercap became a standard security-lab and penetration-testing package because it combined active and passive protocol dissection with practical MITM mechanisms such as ARP poisoning, bridged sniffing, filtering, and connection logging. Its package metadata across Unix-like systems reflects that role: it is distributed in Homebrew, Debian and Ubuntu, Fedora, Arch, Alpine, MacPorts, Nix, and other security-oriented environments.
The project has remained recognizable because it occupies the space between packet analyzers and attack simulators. Users can capture and analyze traffic like a sniffer, but can also alter or redirect traffic in ways useful for authorized testing of LAN trust assumptions.
The main `ettercap` program is used in text, curses, or graphical modes to discover hosts, select targets, run MITM modules, sniff traffic, and apply filters. Companion commands such as `etterfilter` and `etterlog` support compiling packet filters and inspecting saved logs.
The manual documents practical workflows such as ARP poisoning, bridge-mode interception with two interfaces, pcap-filtered capture, offline analysis from pcap files, and writing captured packets for later inspection with tools such as tcpdump or Wireshark.
Ettercap is package-nerd significant because it is a classic security tool whose build and runtime surface spans libpcap, libnet, OpenSSL, plugin support, terminal UI, optional GTK UI, GeoIP/MaxMind data, and privileged network access. Packaging it correctly means preserving both the text-mode toolchain and the surrounding data/config layout.
It also shows why security packages age differently from ordinary CLIs: release history is full of protocol-support updates, build fixes, memory-safety fixes, and CVE-related maintenance, while the core LAN-testing workflow remains recognizable decades after the first releases.
安全态势
escape, surveillance, or offensive capability signal.
red 风险 · 中 置信度 · escape-surveillance-offensive
在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/etter.conf可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
ettercap | cli | 全局可执行文件 | |
ettercap-pkexec | cli | 全局可执行文件 | |
etterfilter | cli | 全局可执行文件 | |
etterlog | cli | 全局可执行文件 |
新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
https://github.com/Ettercap/ettercap
安装元数据
| 软件包键 | brew:ettercap |
|---|---|
| 版本 | 0.8.4.1 |
| 软件包管理器 | Homebrew |
| 软件包管理器页面 | https://formulae.brew.sh/formula/ettercap |
| 主页 | https://ettercap.github.io/ettercap/ |
| 仓库 | https://github.com/Ettercap/ettercap |
| 上游文档 | https://ettercap.github.io/ettercap |
| 许可证 | GPL-2.0-or-later |
| 源码归档 | https://github.com/Ettercap/ettercap/archive/refs/tags/v0.8.4.1.tar.gz |
| 最后更新 | 2026-06-25T13:37:40+02:00 |
| Pulse | updated |
| 依赖 | at-spi2-core, cairo, freetype, gdk-pixbuf, glib, gtk+3, libmaxminddb, libnet, ncurses, openssl@3, pango, pcre2 |
| 构建依赖 | cmake |
| macOS 提供的库 | curl, libpcap |
| Bottle | 可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | 未定义 |
| 服务 | 未声明 |
注册表事实
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | ettercap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
源数据库匹配
匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。
ettercap-common 1:0.8.3.1-14
Multipurpose sniffer/interceptor/logger for switched LAN
https://ettercap.github.io/ettercap/
sudo apt install ettercap-commonettercap-graphical 1:0.8.3.1-14
Ettercap GUI-enabled executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-graphicalettercap-text-only 1:0.8.3.1-14
Ettercap console-mode executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-text-onlyettercap
nix profile install nixpkgs#ettercapettercap-common 1:0.8.3.1-13build3
Multipurpose sniffer/interceptor/logger for switched LAN
https://ettercap.github.io/ettercap/
sudo apt install ettercap-commonettercap-graphical 1:0.8.3.1-13build3
Ettercap GUI-enabled executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-graphicalettercap-text-only 1:0.8.3.1-13build3
Ettercap console-mode executable
https://ettercap.github.io/ettercap/
sudo apt install ettercap-text-onlyettercap 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN
https://www.ettercap-project.org/
sudo apk add ettercapettercap-doc 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN (documentation)
https://www.ettercap-project.org/
sudo apk add ettercap-doclibettercap 0.8.4.1-r0
Multipurpose sniffer/interceptor/logger for switched LAN (libraries)
https://www.ettercap-project.org/
sudo apk add libettercapettercap 0.8.4.1-1.fc45
Network traffic sniffer/analyser, NCURSES interface version
http://ettercap.sourceforge.net
sudo dnf install ettercapettercap 0.8.4.1-1
Network sniffer/interceptor/logger for ethernet LANs - console
https://www.ettercap-project.org/
sudo pacman -S ettercapettercap-gtk 0.8.4.1-1
Network sniffer/interceptor/logger for ethernet LANs - GTK frontend
https://www.ettercap-project.org/
sudo pacman -S ettercap-gtkettercap
sudo port install ettercap来源线索
此页面由 av-web 从 scripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。
View the package source record on GitHub.