In this guide we will use Kali Linux and Ettercap to sniff traffic from a host on the Local Area Network in a switched network environment.
From the “Sniff” menu, choose the Unified Sniffing option.
Choose a valid Network Interface and click OK.
From the Hosts menu, choose the ‘Scan for hosts’ option.
From the Hosts menu again, choose the ‘Hosts list’ option.
Find the entry for your default gateway (router), select it and click the ‘Add to Target 1’ button.
Find the entry for the victim (the target you want to sniff traffic from), select it and click the ‘Add to Target 2’ button.
From the Mitm menu, choose the ‘ARP poisoning’ option.
Choose ‘Sniff remote connections’ and click OK.
Figure: ARP table on the victim machine, with the attacker machine's MAC address highlighted in yellow.

Notice that the entry for the Default Gateway MAC address has changed to the attacker machine MAC address in the ARP table of the victim machine (arp -a command in Windows). This validates that the ARP poisoning was successful.
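The same ARP-table check can be automated on the defender's side. The script below is an added example, not part of the original guide or of Ettercap: it parses Windows `arp -a` output and reports when the gateway's MAC differs from a recorded baseline or is shared with another IP. The sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples of Windows `arp -a` output; all addresses are made up.
CLEAN = """
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.50          00-0c-29-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Poisoned view: the gateway entry now carries the MAC of 192.168.1.50.
POISONED = CLEAN.replace("00-1a-2b-3c-4d-5e", "00-0c-29-aa-bb-cc")

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.I | re.M)

def parse_arp_table(text):
    """Return {ip: mac} for the unicast rows of `arp -a` output."""
    table = {}
    for ip, mac in ROW.findall(text):
        if int(mac[:2], 16) & 1:      # group bit set: broadcast/multicast row
            continue
        table[ip] = mac.lower()
    return table

def check_gateway(text, gateway_ip, baseline_mac=None):
    """Return a list of findings for the gateway entry (empty = nothing odd)."""
    table = parse_arp_table(text)
    mac = table.get(gateway_ip)
    if mac is None:
        return [f"no ARP entry for gateway {gateway_ip}"]
    findings = []
    if baseline_mac and mac != baseline_mac.lower():
        findings.append(f"gateway MAC is {mac}, baseline is {baseline_mac.lower()}")
    by_mac = defaultdict(list)
    for ip, m in table.items():
        by_mac[m].append(ip)
    twins = [ip for ip in by_mac[mac] if ip != gateway_ip]
    if twins:
        findings.append(f"gateway MAC {mac} also claimed by {', '.join(twins)}")
    return findings

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_gateway(sample, "192.168.1.1", "00-1A-2B-3C-4D-5E"))
```

A shared MAC can also be legitimate (proxy ARP, or one host holding several addresses), so the baseline comparison is the stronger of the two signals.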
On the victim machine, open up a website and find a login form or similar and fill it out. Ettercap will automatically display user credentials in clear text (if the correct protocol is used) and other information in the output window. The victim's network traffic is now being sniffed and automatically presented to the attacker.
Ettercap supports password discovery for many different protocols such as HTTP, FTP, POP, SSH and many more.
It also provides other more advanced features.
As you may have noticed by now, Ettercap is extremely efficient and also very easy to use!