ARP Poisoning Attack using Ettercap
A Man-in-the-Middle attack, or MITM for short, is a form of eavesdropping in which an attacker makes independent connections with the victims and relays messages between them, making them believe they are speaking directly to each other over a private connection, when in reality the entire conversation is controlled by the attacker. The attacker must be able to sniff all the messages passing between the two victims and inject new ones, which is easy in many circumstances.
ettercap
Ettercap is a full suite for man-in-the-middle attacks. It allows you to intercept live connections, filter content on the fly, and perform various other interesting tricks. It supports active and passive dissection of various protocols and includes various features for network and host analysis.
Ettercap will generate an “ARP Spoofing” attack, a technique in which an attacker sends “spoofed” or false ARP (Address Resolution Protocol) messages on an internal local network. Generally, the intent is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic destined for this IP address to be sent to the attacker instead. This attack is used as the starting point for a MITM (Man-in-the-Middle) attack.
For the following practice, three virtual machines will be used. The machine from which the attack will be carried out is Kali Linux, and the evaluation targets or “victims” are Metasploitable 2 and Windows 7.
Run ettercap
# ettercap -G
Click on the “Sniff -> Unified Sniffing” option located in the top menu.
Proceed to select the Interface. In the case of the present practice, it corresponds to “eth0”.
In the lower window of ettercap, the relevant information about the action performed will be presented.
Add the targets against which the “ARP Spoofing” will be performed to the list of hosts. To do this, click on the “Hosts -> Scan for Host” option.
Select the option “Host -> Host List”, after which a new tab will be presented with the list of hosts.
From the list of Hosts presented, select the IP address of Metasploitable2 and define it as target 1 by clicking on the “Add to Target 1” button. Also select the Windows 7 IP address and define it as target 2 by clicking the “Add to Target 2” button.
Click on “Mitm -> Arp poisoning…”
A window opens where you must select the option “Sniff remote connections”.
Click on the option “Start -> Start sniffing”.
The attack has started. To verify this, the MAC address assigned to Kali Linux is displayed.
In Windows 7, notice that the MAC address related to the IP address 192.168.0.16, assigned to Metasploitable2, is the same MAC address assigned to Kali Linux.
In Metasploitable2, notice that the MAC address related to the IP address 192.168.0.15, assigned to Windows 7, is the same MAC address assigned to Kali Linux.
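The manual check in the last two steps can be automated on each host for detection. The following is an added example, not part of the original tutorial: it parses ARP table output in the Windows `arp -a` and Linux `arp -n` formats and reports any unicast MAC address that more than one IP address resolves to. The sample tables, the MAC addresses and the Kali address 192.168.0.20 are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: `arp -a` on the Windows 7 host (192.168.0.15) during the attack.
# MAC addresses are made up; 192.168.0.20 is an assumed address for the Kali machine.
WINDOWS_ARP = """\
Interface: 192.168.0.15 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-33-44-55     dynamic
  192.168.0.16          08-00-27-aa-bb-cc     dynamic
  192.168.0.20          08-00-27-aa-bb-cc     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample: `arp -n` on Metasploitable2 (192.168.0.16) during the attack.
LINUX_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.15             ether   08:00:27:aa:bb:cc   C                     eth0
192.168.0.20             ether   08:00:27:aa:bb:cc   C                     eth0
192.168.0.1              ether   00:11:22:33:44:55   C                     eth0
"""

# An IPv4 address followed, later on the same line, by a MAC in either notation.
ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s.*?((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})")

def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lower-case colon notation."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.search(line)
        if match:
            table[match.group(1)] = match.group(2).lower().replace("-", ":")
    return table

def shared_macs(table):
    """Return {mac: [ips]} for each unicast MAC that several IPs resolve to."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if int(mac[:2], 16) & 1:  # broadcast/multicast entries are expected to repeat
            continue
        by_mac[mac].append(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for name, sample in (("Windows 7", WINDOWS_ARP), ("Metasploitable2", LINUX_ARP)):
        print(name, shared_macs(parse_arp_table(sample)))
```

A shared MAC is a strong hint rather than proof: a host with several IP addresses on one interface, or a router doing proxy ARP, produces the same pattern legitimately.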