Hi there!

I have this strange issue with ARP-spoofing.. I have two virtual machines (running on Virtual Box) connected via a host-only virtual n/w (dhcp enabled) - The victim is Win XP sp3 while the spoofed machine is a BT4 rc2; the attacker is the host (BT5 rc1-KDE) itself.

I have been trying to arp-spoof the coonection between the victim and the spoofed machine by manually sending it custom ARP-packets captured via wireshark as well as with Ettercap. In both the methods, the arp-cache is getting modified as expected but the traffic is NOT GETTING DIVERTED..

My guess is that it has something to do with the host-only nature of the nw or dhcp being enabled (no "gateway"..)

I will be glad is somebody could help me figure out what is going wrong and/or suggest an alternate virtual machine configuration that they successfully simulated with..