Ettercap is a suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Disclaimer: The following is a basic tutorial to explain the concept of ARP poisoning and MITM attacks, and is intended to serve an educational purpose only. Do not try to abuse these methods, and never, ever try these in a work environment unless you are willing to risk your job/reputation and have plenty of good friends in good places who will be able to get you a new job…

Ettercap is available in the Ubuntu 8.10 repositories, and can be added either via Synaptic or through the terminal:
$ sudo apt-get install ettercap
Alternatively, you may install it from the website: http://ettercap.sourceforge.net/download.php
Once installed, it can be accessed from the Applications menu. Please note you will need administrative access to run this program.
——————————————————————————————
MITM Tutorial:
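ARP stands for Address Resolution Protocol; it lets hosts on the network translate IP addresses into MAC addresses. A MITM attack is one where a hijacker’s machine is placed logically between two machines that are communicating with each other. ARP poisoning achieves this because hosts accept ARP replies without verifying them: forged replies make each machine associate the other’s IP address with the hijacker’s MAC address.
Once positioned in the middle, the hijacker can listen to and forward all traffic between the two machines.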
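What a poisoned ARP cache looks like from the defender's side, as an added example (not part of the original tutorial or of Ettercap): it parses `ip neigh show` output and flags a pinned IP whose MAC has changed and a MAC that answers for several IPs. The sample table, the addresses and the `TRUSTED` baseline are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (not captured from a real network).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 02:00:00:aa:bb:07 REACHABLE
192.0.2.7 dev eth0 lladdr 02:00:00:aa:bb:07 STALE
192.0.2.20 dev eth0 lladdr 02:00:00:aa:bb:14 REACHABLE
192.0.2.33 dev eth0  FAILED
"""

# Hypothetical baseline: IP -> MAC recorded while the network was known-good.
TRUSTED = {"192.0.2.1": "02:00:00:aa:bb:01"}

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table

def find_arp_anomalies(text, trusted=None):
    """Flag the two cache symptoms of ARP poisoning."""
    table = parse_neigh(text)
    findings = []
    # Symptom 1: a pinned IP (e.g. the gateway) now resolves to a different MAC.
    for ip, mac in (trusted or {}).items():
        if ip in table and table[ip] != mac.lower():
            findings.append(("mac_changed", ip, table[ip]))
    # Symptom 2: one MAC answers for several IPs (its own IP plus a spoofed one).
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared_mac", tuple(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_NEIGH, TRUSTED):
        print(finding)
```

A shared MAC can also be legitimate (proxy ARP, one host holding several addresses), so treat that finding as a lead to check against the baseline rather than as proof.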

Instructions:
1. Open a terminal and start ettercap as root: sudo ettercap -G
2. Click Sniff > Unified, select the NIC you want to use.
3. Click Hosts > Scan for hosts
4. Click Hosts > Hosts list (or just press H)
5. In the hosts list, highlight the victim host and click the button “Add to Target1”.
6. Click Start > Start sniffing
7. Click Mitm > Arp poisoning. Select the “Sniff Remote Connections” option.
You should now see the list of connections and passwords scrolling in the space below.
8. To stop the attacks, click Mitm > Stop Mitm attacks.
9. Click Sniff > Stop Sniffing > Exit.
Note: If you see an error about SSL dissection, you need to uncomment some code in the etter.conf file to enable SSL dissection.
Open up a terminal window and type “sudo nano /usr/local/etc/etter.conf”, without the quotes. Scroll down using your arrow keys until you find this piece of code:
————————
if you use iptables:
# redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
# redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
————————
Just uncomment the above two lines and you will stop receiving the error.







Apr 01, 2009 @ 14:30:08
Hello!
Very interesting post! Thank you for such an interesting resource!
PS: Sorry for my bad English, I’ve just started to learn this language
See you!
Yours, Raiul Baztepo
Apr 09, 2009 @ 04:04:07
Hi !!!!
I am Piter Kokoniz. Only want to tell that your posts are really interesting
And want to ask you: will you continue to post in this blog in future?
Sorry for my bad English :)
Thank you!
Piter.
Feb 09, 2010 @ 00:38:30
It works like a charm in Ubuntu 9.10 Karmic Koala
Kelvin, PR USA
Feb 19, 2010 @ 23:06:30
Thanks for your comments. Please keep visiting, a lot of new info is coming!!
May 05, 2010 @ 10:27:46
Wow!
That’s classy, man! Great piece of work
Thanks for sharing that, I was searching the web and found your entry. I really like your site and found it worthwhile reading through the posts. Glad I found your site. Good content and very helpful
By the way for more information on Professional Training and Certification for Ethical Hacking check this link: http://www.eccouncil.org/certification/certified_ethical_hacker.aspx
May 31, 2010 @ 08:18:33
Does it still work on today’s new web browsers or more updated and secure web browsers?
Jun 05, 2010 @ 13:59:46
Yes, it does, but please use these instructions only for testing/educational purposes. You may also want to look at the post on BACKTRACK Linux, which is a full-featured security distro.