From the wikipedia

http://en.wikipedia.org/wiki/Ettercap_%28computing%29

It says

Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it.
Does anyone know about this? Does it work over a lan only or does it work over the internet?