arpspoof - intercept packets on a switched LAN
arpspoof [-i interface] [-c
own|host|both] [-t target] [-r]
host
arpspoof redirects packets from a target host (or all
hosts) on the LAN intended for another host on the LAN by forging ARP
replies. This is an extremely effective way of sniffing traffic on a
switch.
Kernel IP forwarding (or a userland program which accomplishes the
same, e.g. fragrouter(8)) must be turned on ahead of time.
- -i interface
- Specify the interface to use.
- -c
own|host|both
- Specify which hardware address t use when restoring the arp configuration;
while cleaning up, packets can be send with the own address as well as
with the address of the host. Sending packets with a fake hw address can
disrupt connectivity with certain switch/ap/bridge configurations, however
it works more reliably than using the own address, which is the default
way arpspoof cleans up afterwards.
- -t target
- Specify a particular host to ARP poison (if not specified, all hosts on
the LAN). Repeat to specify multiple hosts.
- -r
- Poison both hosts (host and target) to capture traffic in both directions.
(only valid in conjuntion with -t)
- host
- Specify the host you wish to intercept packets for (usually the local
gateway).
Dug Song <dugsong@monkey.org>