arpspoof (8) - Linux Manuals


arpspoof - intercept packets on a switched LAN


arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host


arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch.

Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.


-i interface
Specify the interface to use.
-c own|host|both
Specify which hardware address to use when restoring the ARP configuration; while cleaning up, packets can be sent with the own address as well as with the address of the host. Sending packets with a fake hw address can disrupt connectivity with certain switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans up afterwards.
-t target
Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts.
-r
Poison both hosts (host and target) to capture traffic in both directions. (Only valid in conjunction with -t.)
host
Specify the host you wish to intercept packets for (usually the local gateway).


Dug Song <dugsong [at]>


dsniff(8), fragrouter(8)