Fix Arpspoof on Debian

TL;DR

Arpspoof isn’t working on your Debian system? This guide covers common reasons and fixes, focusing on ensuring you have the right tools installed, correct interface names, root privileges, and network configuration. We’ll also look at alternatives like ettercap.

Fixing Arpspoof Issues

1. Check Installation: First, make sure arpspoof is actually installed.
   • Open a terminal.
   • Run the following command:

     sudo apt update

     sudo apt install dsniff

     (dsniff includes arpspoof)

   • If it’s already installed, you’ll see a message saying so. If not, the command will install it.
2. Interface Name: Arpspoof needs to know which network interface to use.
   • Find your interface name using:

     ip addr

     or

     ifconfig -a

     (look for something like eth0, wlan0 or enp0s3)

   • Make sure you’re using the correct interface name in your arpspoof command. A common mistake is to use an incorrect or outdated interface name.
3. Root Privileges: Arpspoof requires root access.
   • Always run it with sudo:

     sudo arpspoof -i eth0 -t target_ip gateway_ip

     Replace eth0, target_ip and gateway_ip with your actual values.

4. Network Configuration: Your network setup can interfere.
   • IP Forwarding: Ensure IP forwarding is enabled:

     sudo sysctl -w net.ipv4.ip_forward=1

     To make this permanent, edit /etc/sysctl.conf and uncomment or add the line net.ipv4.ip_forward=1 then run:

     sudo sysctl -p

   • Promiscuous Mode: The network interface might not be in promiscuous mode.
     This is usually handled automatically, but you can check with tools like Wireshark.
5. Firewall Interference: Your firewall (like ufw) could be blocking arpspoof.
   • Temporarily disable your firewall to test:

     sudo ufw disable

     If this fixes the issue, you’ll need to create rules to allow arpspoof traffic. Be careful when disabling firewalls!

6. Conflicting Processes: Other network tools might be interfering.
   • Check for other processes using your network interface:

     netstat -tulnp | grep eth0

     (replace eth0 with your interface name)

   • Stop any conflicting processes.
7. Alternative: Ettercap If arpspoof continues to fail, consider using Ettercap.
   • Install Ettercap:

     sudo apt install ettercap

   • Start Ettercap in text mode:

     sudo ettercap -Tq -i eth0 wlan_mac target_ip/target_netmask gateway_ip

     (replace eth0, wlan_mac, target_ip, target_netmask and gateway_ip with your actual values)