Ok so this one is similar to the other thread i posted but this time is about the MITM attack. I'm just starting and i'm a bit overwhelmed with all the ways this can be done over wireless.

Right now i'm using airbase-ng to create a fake AP with no encription, the i create a bridge between the interface airbase-ng creates and the interface actually connect to the internet and i use dnsspoof and burpsuite to get the packages.

I have two questions:

the first is about something i can't explain with my method. Here is the code i use:

airmon-ng start wlan0
iwconfig mon0 channel 1
iwconfig wlan0 channel 1

airobase-ng  --essid test mon0
ifconfig at0 up

brctl addbr mitm
brctl addif eth0
brctl addif at0
ifconfig eth0 up
at this point, my connection to eth0 goes away,

ifconfig at0 up
ifconfig mitm up
dhclient3 mitm
after this i still get a connection to the internet. How? Please understand i'm really a beginner and i am pretty sure i'm missing something obvious.

My second question is about the MITM attack itself. I know you guys hate when people ask how something is done, but i just wanted to know if ther are better ways than mine to accomplish what i did. I've heard about using ettercap/Arpspoof and sslstrip, is it easier / works better?