LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

In the arpspoof command, what do the -t target and the trailing host arguments mean, and why is getting them right essential?

-t target is the machine whose ARP cache you poison; the trailing host is the identity you impersonate toward that target. In other words, you tell the target that the host's IP now lives at your MAC.

The syntax:

sudo arpspoof -i [interface] -t [target] [host]

Read it as: "On this interface, tell target that host is at my MAC."

Worked example (victim 192.168.1.42, gateway 192.168.1.1):

# Poison the victim: "the gateway is at my MAC"
sudo arpspoof -i eth0 -t 192.168.1.42 192.168.1.1

# Poison the gateway: "the victim is at my MAC"
sudo arpspoof -i eth0 -t 192.168.1.1 192.168.1.42

Why both directions:

One command poisons only one cache, so you'd capture traffic in a single direction. To MitM a full conversation you must poison both the victim (so its outbound traffic comes to you) and the gateway (so the replies come back to you). The -r flag does both with one command.

The classic mix-up:

Swapping target and host poisons the wrong cache (or tells a host it's at your MAC, which does nothing useful). The mental model — "target hears a lie about host" — keeps it straight.

Tip: Of arpspoof's four options (interface, target, host, and the -r toggle) you supply three for a one-direction attack: interface, target, host. Forgetting -i makes arpspoof guess the interface, which often picks the wrong one on a multi-NIC box.

Go deeper:

  • tool dsniff (official page) — the toolkit that ships arpspoof; forging ARP replies to redirect LAN traffic.
  • doc dsniff (Wikipedia) — the suite (arpspoof, dnsspoof, sshmitm) and how arpspoof intercepts switched-LAN traffic.

From Quiz: INTROL / Man in the Middle (MitM) | Updated: Jul 05, 2026