
Etterlog

Etterlog Description

Etterlog is the log analyzer for logfiles created by ettercap. It can handle both compressed (created with -Lc) and uncompressed logfiles. With this tool you can query the binary logfiles as you like and print the data in different ways as many times as you want (in contrast with the previous logging system, which dumped everything once in a single static format). You can dump the traffic of a single connection of your choice, of one or more hosts, and print the data in hex, ASCII, binary and other formats.

TIP: All informational messages (everything that is not packet data) are printed to stderr, so you can save only the data by redirecting stdout:

etterlog [options] logfile > outfile

Thus you can, for example, reconstruct a binary file transferred over an FTP connection by printing the data in binary mode, without headers, and selecting only the FTP server as the source of the communication.

Homepage: http://ettercap.github.io/ettercap/

Authors: Alberto Ornaghi (ALoR), Marco Valleri (NaGA), Emilio Escobar (exfil), Eric Milam (J0hnnyBrav0), Gianfranco Costamagna (LocutusOfBorg)

License: GPLv2

Etterlog Help

Usage: etterlog [OPTIONS] logfile
General Options:
  -a, --analyze               analyze a log file and return useful infos
  -c, --connections           display the table of connections
  -f, --filter <TARGET>       print packets only from this target
  -t, --proto <proto>         display only this proto (default is all)
  -F, --filcon <CONN>         print packets only from this connection 
  -s, --only-source           print packets only from the source
  -d, --only-dest             print packets only from the destination
  -r, --reverse               reverse the target/connection matching
  -n, --no-headers            skip header information between packets
  -m, --show-mac              show mac addresses in the headers
  -k, --color                 colorize the output
  -l, --only-local            show only local hosts parsing info files
  -L, --only-remote           show only remote hosts parsing info files

Search Options:
  -e, --regex <regex>         display only packets that match the regex
  -u, --user <user>           search for info about the user <user>
  -p, --passwords             print only accounts information
  -i, --show-client           show client address in the password profiles
  -I, --client <ip>           search for pass from a specific client

Editing Options:
  -C, --concat                concatenate more files into one single file
  -o, --outfile <file>        the file used as output for concatenation
  -D, --decode                used to extract files from connections

Visualization Method:
  -B, --binary                print packets as they are
  -X, --hex                   print packets in hex mode
  -A, --ascii                 print packets in ascii mode (default)
  -T, --text                  print packets in text mode
  -E, --ebcdic                print packets in ebcdic mode
  -H, --html                  print packets in html mode
  -U, --utf8 <encoding>       print packets in uft-8 using the <encoding>
  -Z, --zero                  do not print packets, only headers
  -x, --xml                   print host infos in xml format

Standard Options:
  -v, --version               prints the version and exit
  -h, --help                  this help screen

Etterlog Usage Example

etterlog -k -l dump.eci

Displays information about local hosts, with colored output.

etterlog -X dump.ecp

Prints packets in HEX mode with full headers.

etterlog -c dump.ecp

Displays the list of connections logged in the file.

etterlog -Akn -F TCP:10.0.0.1:13423:213.203.143.52:6666 dump.ecp

Displays the IRC traffic of 10.0.0.1 in ASCII mode, without header information and with colored output.

etterlog -H -t tcp -f //80 dump.ecp

Dumps all HTTP traffic and strips html tags.

etterlog -Z -r -f /10.0.0.2/22 dump.ecp

Displays only the headers of all connections except SSH on host 10.0.0.2.

etterlog -A -e 'user' -f //110 dump.ecp

Displays only POP packets containing the 'user' regexp (case insensitive).

etterlog -u root dump.eci

Displays information about all the accounts of the user 'root'.

etterlog -e Apache dump.eci

Displays information about all the hosts running 'Apache'.

etterlog -e Linux dump.eci

Displays information about all the hosts with the 'Linux' operating system.

etterlog -t tcp -f //110 dump.eci

Displays information about all the hosts with the tcp port 110 open.

etterlog -t udp dump.eci

Displays information about all the hosts with at least one UDP port open.

etterlog -B -s -n -F TCP:10.0.0.1:20:10.0.0.2:35426 logfile.ecp > example.tar.gz

Dumps in binary form the data sent by 10.0.0.1 over the FTP data port. Since the headers are omitted, you get the file exactly as it was transferred.
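The TIP above and this last example together describe one procedure: dump a single connection in binary mode with headers suppressed, and rely on the fact that only packet data reaches stdout. The following POSIX sh script is an added example, not part of the etterlog project or of this page: it wraps that procedure for forensic review of a capture, keeping etterlog's stdout (the data) and stderr (status messages) in separate files, checking the connection spec against the PROTO:src_ip:src_port:dst_ip:dst_port form used by the examples before calling the tool, and recording a hash of the result. The etterlog binary is assumed to be on PATH (override with the ETTERLOG variable, which is this script's own convention); the function and file names are assumptions.

```shell
#!/bin/sh
# Added example (not etterlog's own code): extract one connection's data
# stream from an ettercap logfile into a file, with the status messages
# kept separately and a hash recorded for the case notes.

# Command used to run etterlog; assumption: it is on PATH unless overridden.
ETTERLOG="${ETTERLOG:-etterlog}"

# is_ip ADDR -> 0 if ADDR is a dotted quad with octets 0-255, else 1.
is_ip() {
    ip=$1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# is_port NUM -> 0 if NUM is an integer in 1..65535, else 1.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_conn SPEC -> 0 if SPEC has the shape PROTO:ip:port:ip:port with
# PROTO being TCP or UDP (the form shown in the -F examples), else 1.
# This is only a shape check; etterlog does the real matching.
valid_conn() {
    spec=$1
    oldifs=$IFS; IFS=:; set -- $spec; IFS=$oldifs
    [ $# -eq 5 ] || return 1
    case $1 in TCP|tcp|UDP|udp) ;; *) return 1 ;; esac
    is_ip "$2" && is_port "$3" && is_ip "$4" && is_port "$5"
}

# dump_conn LOGFILE SPEC OUTFILE
# Runs etterlog in binary mode (-B), source side only (-s), no headers (-n),
# restricted to one connection (-F SPEC), so OUTFILE receives exactly the
# bytes the source sent. Status messages land in OUTFILE.err.
# Returns 2 on a malformed spec, 1 if etterlog fails, 3 if nothing matched.
dump_conn() {
    log=$1; spec=$2; out=$3
    valid_conn "$spec" || { echo "bad connection spec: $spec" >&2; return 2; }
    "$ETTERLOG" -B -s -n -F "$spec" "$log" > "$out" 2> "$out.err" || return 1
    [ -s "$out" ] || { echo "no data matched $spec" >&2; return 3; }
    # Record a hash of the reconstructed stream alongside the capture.
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$out"; fi
}

# Usage (the logfile name and connection are placeholders):
#   dump_conn logfile.ecp TCP:10.0.0.1:20:10.0.0.2:35426 example.tar.gz
```

Because only packet data is written to stdout, the output file can be compared byte for byte with the original artifact; the .err file keeps etterlog's own messages, which would otherwise be lost by the redirection.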

How to install Etterlog

The program is pre-installed on Kali Linux.

Installation on Linux (Debian, Mint, Ubuntu)

http://en.kali.tools/?p=107#install_ettercap

Etterlog Screenshots

The program is a command-line utility.

Etterlog Tutorials

Coming soon…
