How To Do DHCP Spoofing Using Ettercap? [MITM Series: 3]


Hello and welcome, all hackers and geeks. In this tutorial we’ll learn DHCP spoofing using Ettercap and all about the DHCP server.

In the previous article we learned DNS spoofing using dnsspoof and Ettercap; please do read that.

What is DHCP?

DHCP stands for Dynamic Host Configuration Protocol. It usually runs as a server or service on the network and is used to assign IP addresses to all the hosts.
The working of DHCP is simple: the client queries the DHCP server for an IP address and DNS, and the DHCP server provides the IP address and the DNS server's IP along with a lease time.
The lease time is how long the IP address given by DHCP stays valid.

DHCP Spoofing

DHCP spoofing has 2 attacks:
1. DHCP starvation attack
A DHCP starvation attack is similar to a DoS attack: the attacker floods the network with fake MAC addresses and fake users until the DHCP database becomes full and can no longer give out IP addresses, so that legitimate users don’t get a connection.
2. DHCP rogue server attack
This is the attack explained here. In a DHCP rogue server attack, the attacker creates a fake DHCP server, intercepts DHCP requests and provides fake IP addresses by poisoning DHCP responses.
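
A defensive check for the rogue server case described above, as an added example that is not part of the original article: it parses DHCP reply payloads and flags any OFFER or ACK whose server identifier (option 54) is not on an allow-list. The allow-list address, the sample packets and all function names are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OFFER, ACK = 2, 5                    # values of option 53 (message type)

def parse_options(payload):
    """Return {option_code: raw_value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def ips(raw):
    """Decode a packed list of IPv4 addresses (4 bytes each)."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) // 4 * 4, 4)]

def check_reply(payload, allowed_servers):
    """Return a finding for an OFFER/ACK whose server identifier is not allowed."""
    opts = parse_options(payload)
    mtype = (opts.get(53) or b"\x00")[0]
    if payload[0] != 2 or mtype not in (OFFER, ACK):   # op 2 = BOOTREPLY
        return None
    server = (ips(opts.get(54, b"")) or [None])[0]
    if server in allowed_servers:
        return None
    return {"server": server, "offered_ip": ips(payload[16:20])[0],
            "router": ips(opts.get(3, b"")), "dns": ips(opts.get(6, b""))}

def sample_reply(offered_ip, server, router, dns, mtype=OFFER):
    """Constructed test input: a minimal BOOTREPLY built in memory, never sent."""
    pack = lambda s: ipaddress.IPv4Address(s).packed
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6                   # op, htype Ethernet, hlen
    hdr[16:20] = pack(offered_ip)                      # yiaddr
    opts = (bytes([53, 1, mtype, 54, 4]) + pack(server) + bytes([3, 4]) + pack(router)
            + bytes([6, 4]) + pack(dns) + b"\xff")
    return bytes(hdr) + MAGIC_COOKIE + opts

ALLOWED = {"192.0.2.1"}                                # assumed legitimate DHCP server
if __name__ == "__main__":
    for pkt in (sample_reply("192.0.2.50", "192.0.2.1", "192.0.2.1", "192.0.2.1"),
                sample_reply("192.0.2.60", "192.0.2.77", "192.0.2.77", "192.0.2.77")):
        print(check_reply(pkt, ALLOWED) or "ok: reply from authorised server")
```

In the finding, the router and DNS values are what a client accepting that reply would start using, which is why an unexpected server identifier matters.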

DHCP attack scenario

As explained above, we’ll get onto a network and set up a fake DHCP server on our Kali Linux machine by providing an IP pool, a DNS server and a netmask, and give fake responses to the connected clients, so that we can see what they’re doing and sniff their HTTP connections using Wireshark.

Getting started with Ettercap

We’ll use Ettercap for this attack. If you don’t have Ettercap on Linux, install it by running this command on Debian-based Linux distributions:

sudo apt-get install ettercap

After the installation finishes, run this command to get the GUI version of Ettercap:

ettercap -G

Then go to the main tab and select start sniffing, then go to the MITM tab and select DHCP spoofing from the drop-down list.

A small popup will appear, where you have to give the pool of IP addresses you want to attack. You must choose the pool based on the gateway IP address, which you can get by running the ifconfig command in a terminal.

Then provide the IP address pool as follows. If your gateway is then give

This will attack the whole subnet of the gateway. Then specify the gateway you found above.
Then specify the DNS as the standard DNS server.
Then start the attack. You can see the attack progress in the bottom bar, as here.


Whenever a client requests an IP address, our rogue DHCP server gives fake responses, and DHCP assigns our desired IP address.
Now you are free to open Wireshark and play with the clients' packet transmissions.

I hope this article was helpful. We’ll discuss ICMP redirection and router admin control DoS attacks in a future part of this article.