
arpspoof(8) [debian man page]

ARPSPOOF(8)						      System Manager's Manual						       ARPSPOOF(8)

NAME
       arpspoof - intercept packets on a switched LAN

SYNOPSIS
       arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host

DESCRIPTION
       arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch.

       Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.

OPTIONS
       -i interface
              Specify the interface to use.

       -c own|host|both
              Specify which hardware address to use when restoring the ARP configuration; while cleaning up, packets can be sent with the own address as well as with the address of the host. Sending packets with a fake hw address can disrupt connectivity with certain switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans up afterwards.

       -t target
              Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts.

       -r     Poison both hosts (host and target) to capture traffic in both directions. (Only valid in conjunction with -t.)

       host   Specify the host you wish to intercept packets for (usually the local gateway).

SEE ALSO
       dsniff(8), fragrouter(8)

AUTHOR
       Dug Song <dugsong@monkey.org>

                                                                                                                       ARPSPOOF(8)
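
The forged ARP replies described under DESCRIPTION can be spotted on the wire. The following detector is an added example, not part of the man page or of dsniff: it parses raw Ethernet/ARP frames, keeps the first IP-to-MAC binding it sees as a baseline (an assumption; a static table of known hosts could be used instead), and flags frames that contradict it or whose Ethernet source differs from the ARP sender hardware address. All addresses and frames are constructed sample data.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[6:12]), op, _mac(frame[22:28]), _ip(frame[28:32])

def detect(frames):
    """Flag ARP frames that contradict the first IP-to-MAC binding seen (trust on first use)."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, _op, smac, sip = parsed
        if eth_src != smac:  # frame sent from a different address than it advertises
            alerts.append((n, "src-mismatch", sip, smac))
        if bindings.setdefault(sip, smac) != smac:  # IP now claimed by another MAC
            alerts.append((n, "rebind", sip, smac))
    return alerts

def build(eth_src, sha, spa, op=2):
    """Construct a broadcast ARP frame (sample data helper, not a capture)."""
    hx = lambda m: bytes.fromhex(m.replace(":", ""))
    ipb = lambda a: bytes(int(x) for x in a.split("."))
    return (b"\xff" * 6 + hx(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + hx(sha) + ipb(spa) + b"\x00" * 6 + ipb("192.0.2.10"))

GW, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:66"  # constructed addresses
SAMPLE = [
    build(GW, GW, "192.0.2.1"),        # genuine gateway reply
    build(ROGUE, ROGUE, "192.0.2.1"),  # gateway IP claimed by another MAC
    build(ROGUE, GW, "192.0.2.1"),     # correct binding, sent from another address
    b"\x00" * 12 + b"\x08\x00" + b"\x00" * 28,  # non-ARP frame, ignored
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Each alert is a tuple of frame index, alert kind, claimed IP and claimed MAC.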

ARPING(8)						 System Manager's Manual: iputils						 ARPING(8)

NAME
       arping - send ARP REQUEST to a neighbour host

SYNOPSIS
       arping [ -AbDfhqUV] [ -c count] [ -w deadline] [ -s source] -I interface destination

DESCRIPTION
       Ping destination on device interface by ARP packets, using source address source.

OPTIONS
       -A     The same as -U, but ARP REPLY packets used instead of ARP REQUEST.

       -b     Send only MAC level broadcasts. Normally arping starts by sending broadcast, and switches to unicast after a reply is received.

       -c count
              Stop after sending count ARP REQUEST packets. With deadline option, arping waits for count ARP REPLY packets, until the timeout expires.

       -D     Duplicate address detection mode (DAD). See RFC2131, 4.4.1. Returns 0 if DAD succeeded, i.e. no replies are received.

       -f     Finish after the first reply confirming that target is alive.

       -I interface
              Name of network device where to send ARP REQUEST packets. This option is required.

       -h     Print help page and exit.

       -q     Quiet output. Nothing is displayed.

       -s source
              IP source address to use in ARP packets. If this option is absent, source address is:

              o In DAD mode (with option -D) set to 0.0.0.0.

              o In Unsolicited ARP mode (with options -U or -A) set to destination.

              o Otherwise, it is calculated from routing tables.

       -U     Unsolicited ARP mode to update neighbours' ARP caches. No replies are expected.

       -V     Print version of the program and exit.

       -w deadline
              Specify a timeout, in seconds, before arping exits regardless of how many packets have been sent or received. In this case arping does not stop after count packets are sent; it waits either for the deadline to expire or until count probes are answered.

SEE ALSO
       ping(8), clockdiff(8), tracepath(8).

AUTHOR
       arping was written by Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>.

SECURITY
       arping requires CAP_NET_RAWIO capability to be executed. It is not recommended to be used as set-uid root, because it allows user to modify ARP caches of neighbour hosts.

AVAILABILITY
       arping is part of iputils package and the latest versions are available in source form for anonymous ftp ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.

iputils-020927                                                  27 September 2002                                                ARPING(8)