Hello Guys, I have been playing around with BT3 for a couple of years and now I am using BT4, I have been able to play with ettercap, arp poisoning & the dns_spoof for some time now as well. I have noticed lately that dns spoofing is not working on my internet Explorer 8, Vista SP1 (IP 192.168.0.101)! If i visit a new site like say XYZ Consulting that has been set to be spoofed to my attack machine IP (BT4, IP 192.168.0.100) ettercap states that XYZ Consulting was spoofed to 192.168.0.100, yet IE8 still opens the un-spoofed page! checking the arp table on the target victim I found out that the arp poisoning works! if i ping XYZ Consulting from the victim machine, I get my attack IP 192.168.0.100 which confirms that dns_spoofing is working! Can anyone explain what is happening? Why is IE8 showing the right page even if it has never been visited on the victims machine before?!