Your company here — click to reach over 10,000 unique daily visitors

arpspoof - Man Page

intercept packets on a switched LAN

Examples (TL;DR)


arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host


arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies.  This is an extremely effective way of sniffing traffic on a switch.

Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.


-i interface

Specify the interface to use.

-c own|host|both

Specify which hardware address t use when restoring the arp configuration; while cleaning up, packets can be send with the own address as well as with the address of the host. Sending packets with a fake hw address can disrupt connectivity with certain switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans up afterwards.

-t target

Specify a particular host to ARP poison (if not specified, all hosts on the LAN).  Repeat to specify multiple hosts.


Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjuntion with -t)


Specify the host you wish to intercept packets for (usually the local gateway).

See Also

dsniff(8), fragrouter(8)


Dug Song <dugsong@monkey.org>

Referenced By

dsniff(8), sslsplit(1).