Network scanning tool | Method of information gathering | Scan type
Nmap 7.40 | Active | TCP-SYN Scan, Service Detection Scan, HTTP Banner Grab
Zmap 2.1.0 | Active | ICMP Ping Sweep, TCP SYN Scan, NTP Scan
Tshark 2.0.5 | Passive | Promiscuous-mode Packet Capture
Ettercap 0.8.2 | Passive | Man-in-the-middle Traffic Intercept
Table 3: A table showing the types of tools and scans to be run against the SCADA system.
(vii) Ettercap 0.8.2: it is a tool which allows users to perform man-in-the-middle attacks on local area networks.
As Tenable's Passive Vulnerability Scanner (PVS) was unavailable for these experiments, using a combination of both Tshark and Ettercap would ensure that the full functionality of such a tool could be replicated and analysed on the IP network.
When testing Ettercap, a MITM intercept tool, the previously referenced Tshark observation points were removed and two additional machines were added to the network.
The workshop also immerses attendees in the exploitation of vulnerable ICS systems and protocols using tools and methods such as Metasploit, Armitage, John the Ripper, Ettercap, Wireshark, hex editors, packet injection, etc.
It comprises tools such as: Aircrack-ng, Kismet, Nmap, Ettercap, Wireshark, wids.py.
Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN.
Would-be miscreants who want to utilize the technique can now simply buy the components "off the shelf" to carry out such an attack by employing ready-made toolkits like Ettercap, dsniff, and Mallory (a creative use of the classic MitM character's name).
In the second experiment, we have set up a man-in-the-middle attack between the trusted client and the server as shown in Figure 5 with Ettercap v0.7.3 installed at the adversary machine.
Examples of the tools used are Arpspoof, which redirects packets from a target host on the LAN to the intended host on the same LAN, by forging Address Resolution Protocol replies to the target host; SSLStrip, to hijack HTTP traffic; Ettercap, a utility for sniffing, intercepting and logging; or Wireshark, a network protocol analyser used as a packet sniffer.
The authors, who are managers at Ernst & Young's advanced security center, discuss Nessus, Ettercap, Hydra, Nikto, the Metasploit framework, the PMD tool, Linux kernel modules, network sniffers, and packet injectors.
The same root is also found in Scots attercap or more commonly ettercap, a spider or a venomous person.