LinuxCommandLibrary

arpspoof

intercept packets on a switched LAN

TLDR

Poison all hosts to intercept packets on [i]nterface for the host

$ sudo arpspoof -i [wlan0] [host_ip]
copy


Poison [t]arget to intercept packets on [i]nterface for the host
$ sudo arpspoof -i [wlan0] -t [target_ip] [host_ip]
copy


Poison both [t]arget and host to intercept packets on [i]nterface for the host
$ sudo arpspoof -i [wlan0] -r -t [target_ip] [host_ip]
copy

SYNOPSIS

arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host

DESCRIPTION

arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch. Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.

OPTIONS

-i interface Specify the interface to use. -c own|host|both Specify which hardware address t use when restoring the arp con‐ figuration; while cleaning up, packets can be send with the own address as well as with the address of the host. Sending packets with a fake hw address can disrupt connectivity with certain switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans up afterwards. -t target Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts. -r Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjuntion with -t) host Specify the host you wish to intercept packets for (usually the local gateway).

SEE ALSO

dsniff(8), fragrouter(8)

AUTHOR

Dug Song ARPSPOOF(8)

Copied to clipboard