Another proof of concept showing that ARP spoofing makes it possible to sniff traffic is Ettercap. This utility gives an unprecedented level of ability to listen to and inject network traffic.
The default behaviour of Ettercap is as follows: it first ARP-storms the local subnet it is run from, gathering the MAC addresses of all hosts on the subnet. It then uses NMAP-style OS detection and gathers all of the information for the subnet into a large list. At this point, the user is left to select a source and a destination address to sniff traffic from.
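
The subnet-wide ARP sweep described above is noisy and can be spotted from the defender's side. The following is an added example, not part of the original page or of Ettercap: it flags a MAC address that sends ARP requests for many distinct IPs within a short window, and it reports any IP whose claimed MAC address changes. The record format, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque

def constructed_sample():
    """Constructed ARP records (not a capture): time_s,op,sender_mac,sender_ip,target_ip"""
    gw, host, scanner = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
    lines = [f"0.00,request,{host},192.0.2.10,192.0.2.1",
             f"0.10,reply,{gw},192.0.2.1,192.0.2.10"]
    # One sender asks for every address on the /24 in a few seconds.
    lines += [f"{1 + i * 0.01:.2f},request,{scanner},192.0.2.66,192.0.2.{i}"
              for i in range(1, 255)]
    # The same sender later answers for the gateway's IP.
    lines.append(f"9.00,reply,{scanner},192.0.2.1,192.0.2.10")
    return lines

def parse(lines):
    for line in lines:
        ts, op, mac, sip, tip = line.strip().split(",")
        yield float(ts), op, mac.lower(), sip, tip

def find_sweepers(events, window=5.0, threshold=50):
    """Map sender MAC -> peak count of distinct IPs requested within `window` seconds,
    for senders that reach `threshold`."""
    recent = defaultdict(deque)  # mac -> (ts, target_ip) pairs still inside the window
    flagged = {}
    for ts, op, mac, _sip, tip in events:
        if op != "request":
            continue
        q = recent[mac]
        q.append((ts, tip))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct >= threshold:
            flagged[mac] = max(flagged.get(mac, 0), distinct)
    return flagged

def find_mac_changes(events):
    """List (ip, old_mac, new_mac) each time an IP is claimed by a new sender MAC."""
    seen, changes = {}, []
    for _ts, _op, mac, sip, _tip in events:
        if sip == "0.0.0.0":  # ARP probes carry no sender IP, nothing to track
            continue
        if sip in seen and seen[sip] != mac:
            changes.append((sip, seen[sip], mac))
        seen[sip] = mac
    return changes

if __name__ == "__main__":
    events = list(parse(constructed_sample()))
    print("sweepers:", find_sweepers(events))
    print("ip->mac changes:", find_mac_changes(events))
```
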
Ettercap can be found here: http://ettercap.sourceforge.net/
Keep in mind that many network admins don't like it if you do this sort of thing without permission, so ask first.