Step 1: Install Ettercap
● Open a terminal window and update the package list by running the command sudo apt-get update.
● Install Ettercap by running the command sudo apt-get install ettercap-graphical.
Step 2: Start Ettercap
● Run the command sudo ettercap -G to start Ettercap in GUI mode.
Step 3: Configure Ettercap for DNS Poisoning Attack
● In the Ettercap menu, go to “Sniff” > “Unified sniffing” to select the network interface to sniff on.
● In the same menu, go to “Hosts” > “Scan for hosts” to discover the hosts on the network.
● In the “Hosts” menu, go to “Hosts list” to view the discovered hosts and select the target host(s).
● In the “Mitm” menu, go to “Arp poisoning” and select the “Sniff remote connections” option.
● In the same menu, go to “DNS spoofing” to enable DNS spoofing.
Step 4: Start the Attack
● Click on the “Start” button to begin the ARP poisoning and DNS spoofing attack.
Step 5: Monitor the Attack
● Use the “Victims” tab in Ettercap to view the target host(s) that are being poisoned.
● Use the “Traffic” tab to view the traffic being intercepted and the DNS spoofed data.
Step 6: Stop the Attack
● To stop the attack, click on the “Stop” button in Ettercap, or go to “Mitm” > “Stop mitm” in the menu.
Step 7: Cleanup
● To restore the original DNS settings, run the command sudo service networking restart.
Note:
● DNS poisoning is an illegal activity and should only be performed in a controlled environment with the permission of the network administrator and the owners of the targeted devices.
● An ARP cache poisoning attack could cause a denial of service on the targeted devices.
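Added example (not part of the original lab sheet and not Ettercap's own code): a check to run on a target host while Step 5 is in progress and again after Step 7. ARP poisoning leaves the gateway's IP and another host's IP bound to the same MAC in the target's neighbour table; the script flags that condition in text formatted like the output of ip -4 neigh show. The function names, addresses and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag neighbour-table entries where one MAC answers for
# several IPs, the trace ARP poisoning leaves in a target host's cache.
# Input is text in the format of `ip -4 neigh show`; samples are constructed.

# find_shared_macs: read neighbour lines on stdin and print, for every MAC
# bound to more than one IP, "<mac> <ip>,<ip>,...".
find_shared_macs() {
  awk '
    {
      mac = ""
      for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
      if (mac == "") next                  # FAILED/INCOMPLETE entry, no MAC
      if (seen[mac SUBSEP $1]++) next      # same pair listed twice
      ips[mac] = (count[mac] ? ips[mac] "," : "") $1
      count[mac]++
    }
    END { for (m in count) if (count[m] > 1) print m, ips[m] }
  ' | sort
}

# gateway_is_shadowed GATEWAY_IP: exit 0 if, in the table on stdin, the
# gateway shares its MAC with another IP; exit 1 otherwise.
gateway_is_shadowed() {
  find_shared_macs | awk -v gw="$1" '
    { n = split($2, a, ","); for (i = 1; i <= n; i++) if (a[i] == gw) hit = 1 }
    END { exit(hit ? 0 : 1) }
  '
}

# Constructed sample: .1 is the gateway, .50 has poisoned this host's cache.
sample_poisoned='192.168.56.1 dev eth0 lladdr 08:00:27:AA:BB:50 REACHABLE
192.168.56.50 dev eth0 lladdr 08:00:27:aa:bb:50 STALE
192.168.56.20 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
192.168.56.77 dev eth0 FAILED'

# Constructed sample: the same table once the gateway entry is correct again.
sample_clean='192.168.56.1 dev eth0 lladdr 08:00:27:00:00:01 REACHABLE
192.168.56.50 dev eth0 lladdr 08:00:27:aa:bb:50 STALE
192.168.56.20 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE'

# On a real host, pass --live to check the current neighbour table.
if [ "${1:-}" = "--live" ]; then
  ip -4 neigh show | find_shared_macs
fi
```

An empty result after Step 7 confirms that the target's cache no longer maps the gateway to the lab machine's MAC.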
Reference:
● Ettercap official website: http://www.ettercap-project.org/
● Kali Linux documentation on Ettercap: https://docs.kali.org/information-gathering/ettercap