ARP Poisoning And Spying on A Network

In this article, I’m going to teach you about spying on networks with ARP poisoning attacks. After ARP Poisoning a network you will be able to see the following information visited by the victim.

  1. Websites visited

  2. Capturing usernames and passwords entered by the victim

ARP Poisoning And Spying On The Network

Step 1:

To open and start bettercap type in the following command

sudo bettercap -iface wlan0

Step 2

Starting The Attack

Once you open bettercap you need to enable net.probe and net.recon for this type in the following commands:

net.probe on
net.recon on

Once the net.probe module is activated this will send different types of packets to each IP in the current subnet in order for the net.recon module to detect them.

Once the net.recon module is enabled it will start reading the system ARP table in order to detect new hosts on the network.

Step 4

Now we need to enable the net.sniff module. This module is a network sniffer which will help us in capturing websites visited by the victim, usernames, and passwords typed by the victim, and much more data about the victim. To enable this module type in the following command:

net.sniff on

Once you enable the net.sniff module you will be able to capture all packet’s on your local network. Eg; Sites Visited by the victim, usernames and passwords typed in by the victim, and much more.


Hi, thanks for stopping by!

HI!! Our main goal for this website and our channel is to teach and educate everyone on cybersecurity for free. I will upload all my new tutorials and new courses on my blog and on my Youtube Channel. 

Join us in the general discussions to get answers to your queries from the community.
​Sign up here and subscribe to my Youtube channel to stay updated.

Let the posts
come to you.

Thanks for submitting!

  • Facebook
  • Instagram
  • Twitter
  • Pinterest