The theory behind ARP spoofing is that since ARP replies are not verified or checked in any way, an attacker can send a spoofed ARP reply to a victim machine, thereby poisoning its ARP cache. Once we control the ARP cache, we can redirect traffic from that machine at will, in a switched environment.
Ettercap
Ettercap is a customized tools for initiating ARP spoofing attacks. A nice tool to check out for Windows Platforms is Cain and Able. This is a powerful tool capable of sniffing, ARP spoofing, DNS spoofing, password cracking and more.
Ettercap is a suite for man in the middle attacks (MITM) on the local LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
To set ettercap follow these steps:
1.click on sniff ->Unified sniffing, a ettercap window will be prompted.
2.select eth0 as interface and click OK.
3.A new window will look like this.
4.Now scan the available host in the network by selecting Hosts -> scan for host.
5.After scanning select Host ->Hosts list
6.select default gateway as target 1 and victims ip as target 2.
7.click Mitm -> Arp poisoning.
8.select Start->start sniffing.
