Ettercap is a multipurpose sniffer/interceptor/logger for
switched LAN.

It supports active and passive dissection of many protocols
(even ciphered ones) and includes many feature for network
and host analysis. It's possible to sniff in four modes.

+ IP Based, the packets are filtered on IP source and dest
+ MAC Based, packets filtered on mac address, useful to sniff
  connections through gateway
+ ARP based, uses arp poisoning to sniff in switched lan between
  two hosts (full-duplex).
+ PublicARP based, uses arp poisoning to sniff in switched lan
  from a victim host to all other hosts (half-duplex).

Cool Features:

- Characters injection in an established connection : you can
  inject character to server (emulating commands) or to client
  (emulating replies) maintaining the connection alive !!

- SSH1 support : you can sniff User and Pass, and even the data
  of an SSH1 connection. ettercap is the first software capable
  to sniff an SSH connection in FULL-DUPLEX

- HTTPS support : you can sniff http SSL secured data... and even
  if the connection is made through a PROXY

- Remote traffic through GRE tunnel: you can sniff remote traffic
  through a GRE tunnel from a remote cisco router and make mitm
  attack on it.

- Plug-ins support : You can create your own plugin using the ettercap's API.

- Password collector for : TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB,
  MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC,
  LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols
  coming soon...)

- Packet filtering/dropping: You can set up a filter that search for
  a particular string (even hex) in the TCP or UDP payload and replace
  it with yours or drop the entire packet. 

- OS fingerprint: you can fingerprint the OS of the victim host and even
  its network adapter 

- Kill a connection: from the connections list you can kill all the
  connections you want 

- Passive scanning of the LAN: you can retrive infos about: hosts in the
  lan, open ports, services version, type of the host (gateway, router or 
  simple host) and extimated distance in hop. 

- Check for other poisoners: ettercap has the ability to actively or
  passively find other poisoners on the LAN 

Supported Platforms:

  Linux 2.0.x, Linux 2.2.x, Linux 2.4.x, FreeBSD 4.x, OpenBSD 2.[789] 3.0,
  NetBSD 1.5, Mac OS X (darwin 1.3 1.4 5.1), Windows NT/2000/XP.

It doesn't require any lib such as libpcap, libnet or libnids, even
ncurses is not necessary, but strongly recommended ;)

The ettercap homepage is located at:

        http://ettercap.sourceforge.net/