Exercise: “DNS Poisoning and ARP Caching Attack using Ettercap on Kali Linux”

Step 1: Install Ettercap

● Open a terminal window and update the package list by running the command sudo
apt-get update.
● Install Ettercap by running the command sudo apt-get install ettercap-graphical.

Step 2: Start Ettercap

● Run the command sudo ettercap -G to start Ettercap in GUI mode.

Step 3: Configure Ettercap for DNS Poisoning Attack

● In the Ettercap menu, go to “Sniff” > “Unified sniffing” to set the interface to sniff.
● In the same menu, go to “Hosts” > “Scan for hosts” to discover the hosts on the
● In the “Hosts” menu, go to “Hosts list” to view the discovered hosts and select the
target host(s).
● In the “Mitm” menu, go to “Arp poisoning” to select the “Sniff remote connections”
● In the same menu, go to “DNS spoofing” to enable DNS spoofing.

Step 4: Start the Attack

● Click on the “Start” button to begin the ARP poisoning and DNS spoofing attack.

Step 5: Monitor the Attack

● Use the “Victims” tab in Ettercap to view the target host(s) that are being poisoned.
● Use the “Traffic” tab to view the traffic being intercepted and the DNS spoofed data.

Step 6: Stop the Attack

● To stop the attack, click on the “Stop” button in Ettercap, or go to “Mitm” > “Stop
mitm” in the menu.

Step 7: Cleanup

● To restore the original DNS settings, run the command sudo service networking

● DNS Poisoning is an illegal activity and should only be performed in a controlled
environment with the permission of the network administrator and the owners of the
targeted devices.
● ARP caching attack could cause a Denial of Service attack on the targeted devices.

● Ettercap official website: http://www.ettercap-project.org/
● Kali Linux documentation on Ettercap: https://docs.kali.org/information-

Open chat
Hello 👋.
Tell me, how can I help you?