Scroll to navigation

ARPSPOOF(8) System Manager's Manual ARPSPOOF(8)


arpspoof - intercept packets on a switched LAN


arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host


arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch.

Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.


Specify the interface to use.
Specify which hardware address t use when restoring the arp configuration; while cleaning up, packets can be send with the own address as well as with the address of the host. Sending packets with a fake hw address can disrupt connectivity with certain switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans up afterwards.
Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts.
Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjuntion with -t)
Specify the host you wish to intercept packets for (usually the local gateway).


dsniff(8), fragrouter(8)


Dug Song <>