InfoSec

Performing MitM attacks using arpspoof

In this scenario we will perform a MitM attack through ARP spoofing. The concept comes down to poisoning both the ARP table of the target machine and the ARP table of its default gateway.

For this example we will use arpspoof with the target’s IP set to 10.10.10.20 and its gateway IP set to 10.10.10.1. Before starting this attack, please ensure that your machine is set up to forward traffic by running the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward  (this will enable IP forwarding)

The first command to run from the Kali machine is:
arpspoof -i eth0 -t 10.10.10.20 10.10.10.1

You should now be able to see the poisoned ARP table on the target machine; it will have two IPs listed with the same MAC address.

To complete the full MitM procedure we also need to poison the default gateway’s ARP table:
arpspoof -i eth0 -t 10.10.10.1 10.10.10.20

You will now be able to view all the traffic between the target and the default gateway using Wireshark or tcpdump.
