Blog | G5 Cyber Security

Fix Arpspoof on Debian

G5 Cyber Security

TL;DR

Arpspoof isn’t working on your Debian system? This guide covers common reasons and fixes, focusing on ensuring you have the right tools installed, correct interface names, root privileges, and network configuration. We’ll also look at alternatives like ettercap.

Fixing Arpspoof Issues

  1. Check Installation: First, make sure arpspoof is actually installed.
    • Open a terminal.
    • Run the following command: 
      sudo apt update
      sudo apt install dsniff

      (dsniff includes arpspoof)

    • If it’s already installed, you’ll see a message saying so. If not, the command will install it.
  2. Interface Name: Arpspoof needs to know which network interface to use.
    • Find your interface name using: 
      ip addr

      or

      ifconfig -a

      (look for something like eth0, wlan0 or enp0s3)

    • Make sure you’re using the correct interface name in your arpspoof command. A common mistake is to use an incorrect or outdated interface name.
  3. Root Privileges: Arpspoof requires root access.
    • Always run it with sudo: 
      sudo arpspoof -i eth0 -t target_ip gateway_ip

      Replace eth0, target_ip and gateway_ip with your actual values.

  4. Network Configuration: Your network setup can interfere.
    • IP Forwarding: Ensure IP forwarding is enabled: 
      sudo sysctl -w net.ipv4.ip_forward=1

      To make this permanent, edit /etc/sysctl.conf and uncomment or add the line net.ipv4.ip_forward=1 then run:

      sudo sysctl -p
    • Promiscuous Mode: The network interface might not be in promiscuous mode.
      This is usually handled automatically, but you can check with tools like Wireshark.
  5. Firewall Interference: Your firewall (like ufw) could be blocking arpspoof.
    • Temporarily disable your firewall to test: 
      sudo ufw disable

      If this fixes the issue, you’ll need to create rules to allow arpspoof traffic. Be careful when disabling firewalls!

  6. Conflicting Processes: Other network tools might be interfering.
    • Check for other processes using your network interface: 
      netstat -tulnp | grep eth0

      (replace eth0 with your interface name)

    • Stop any conflicting processes.
  7. Alternative: Ettercap If arpspoof continues to fail, consider using Ettercap.
    • Install Ettercap: 
      sudo apt install ettercap
    • Start Ettercap in text mode: 
      sudo ettercap -Tq -i eth0 wlan_mac target_ip/target_netmask gateway_ip

      (replace eth0, wlan_mac, target_ip, target_netmask and gateway_ip with your actual values)

Exit mobile version