Arpspoofing

Hi, I am trying to follow the steps in the arpspoofing tutorial provided by Zaid, bu till now the arpspoofing is not working, it keeps giving me
arpspoof -i eth0 -t 10.0.2.4 10.0.2.15
arpspoof: couldn’t arp for host 10.0.2.4

Please help, since the bettercap is not effective as well to do the arpspoofing.

Thank you

You may be entering the wrong ip addresses: 10.0.2.4 and 10.0.2.15

In Kali, enter command “ifconfig eth0”
What is the ip address shown immediately following “inet” ?

HI LearnerKali,

Gdub is right. Please make sure that Kali and the target VM are both on the same nat network (subnet), then arpspoof:

arpspoof -i <interface> -t <gateway IP> <target IP>

In another terminal window:

arpspoof -i <interface> -t <target IP> <gateway IP>

To make sure of the gateway IP address, just do: route -n

1 Like

Thank you Gdub and AJS, it worked,
I was using wrong IP address for the gateway.

Thank you again!

1 Like

Great stuff! Glad we could help :wink:

Till the issue continues
Will anyone help me out

Hello. I need to type gateway IP.
but, which IP do I need?
target’s gateway IP or my gateway IP

The basic idea of arpspoof is you as an attacker spoof your IP to router’s IP and this way the victim connects to you instead of the router. So think about it, what will you type in gateway IP and what will you type in target IP?

root@kali:~# ifconfig eth0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

    inet 10.0.2.15

root@kali:~# route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 10.0.2.2

root@kali:~# arpspoof -i eth0 -t 10.0.2.2 10.0.2.15

8:0:27:45:1a:1b 52:54:0:12:35:2 0806 42: arp reply 10.0.2.15 is-at 8:0:27:45:1a:1b

then in a second open terminal i try the reverse while that command is still running and producing the same output and i get this

root@kali:~# arpspoof -i eth0 -t 10.0.2.15 10.0.2.2

arpspoof: couldn’t arp for host 10.0.2.15

i thought it was odd my gateway was 10.0.2.2 so i tried 10.0.2.1 also but same result. I have 2 other OS installed a mint linux and whonix. just installed them to try out but now think that maybe affecting this, but just speculation. ive also tried restarting all machines and ran apt-get update. and ive also tried the attack with using linux mint as target (on the same NAT network instead of the windows) and registered the same IPs and got same error

okay i solved my issue - NAT configurations weren’t what they needed to be as my target machine and eth0 were registering the same IP. but i changed it and the attack was successful - thank you!

Hi Erik, not sure if you’ll see this but I just wanted to ask how you went about solving the " arpspoof: couldn’t arp for host 10.0.2.15 " Im having the similar issue and can’t go past that point once I switch the target IP and gateway around.

Thank you