Couldn't arp for host, Kali Linux

Trick Victim And Router | ARP Spoofing With Arpspoof – MITM | Ethical Hacking | Arpspoof With Kali

2 Answers 2 Sorted by:

It seems there are a couple of issues to address

Your Kali VM is running with a NAT connection through your Host and to your target network. That must be changed to a Bridged connection so that your VM can get an IP address on the same network as your victim machine(s). This is controlled from the VitualBox management utility.

Youre using a wireless interface so you may not be able to create a working Bridge connection. Remove this area of potential confusion by using a wired interface instead if at all possible

As roaima said, select bridged network, not NAT. Use a wired connection where possible.

You can see here how to set a VM to bridged networking:

From that page:

Changing the network interface to wired:

Thanks for contributing an answer to Unix & Linux Stack Exchange!

Please be sure to answer the question. Provide details and share your research!

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers. Draft saved Draft discarded

1 Answer 1 Sorted by:

There are several problems:

When I run ip a on kali, I get that my IP address is 10.0.2.15 and gateway is 10.0.2.2

Your VirtualBox VM is in “NAT” mode, meaning that it lives in a completely separate “physical” network from your actual LAN. There is a router (VirtualBox itself) that allows network-layer (L3) communications, but ARP is a link-layer (L2) mechanism; it only functions within the same subnet – ARP packets do not travel across routers. For this to work, the VM needs to be in “bridged” networking mode, that way it is placed directly on the same network as the host computer. Bridging is also not guaranteed to work over Wi-Fi – VirtualBox has to implement a few tricks to make it happen. (Specifically, the problem is that it cant make your VMs real MAC addresses visible over Wi-Fi; they will appear as if having the hosts MAC, and VirtualBox has to magically rewrite ARP responses to match.) I would recommend using an Ethernet connection all the way through. (Emphasis on all the way – using Ethernet switches is fine, but “range extenders” that connect to Wi-Fi and give you an Ethernet port will have exactly the same problems as VirtualBox itself.)

Your computer and your phone are in different subnets, too. Combining the computers address (128.179.179.227) with the netmask (255.255.248.0) you get the network address 128.179.176.0/21 – as a range, it would end at 128.179.183.255. Notice that your phones IP address is not within this range. This means that at the very least, your phone will be making ARP queries for a completely different gateway address than yours, and most likely the two networks are separated at link-layer as well, meaning that ARP queries from one wouldnt be visible in anotherr.

Your computers Wi-Fi connection seems to be giving you access to a shared subnet (Im guessing its a campus-wide Wi-Fi) – if you implemented ARP spoofing there, it would affect all users connected to it, which might a) route a few hundred devices worth of traffic to your laptop, b) make the devices owners unhappy, c) make the EPFL network admins very unhappy, d) all of the above. That is assuming it works. More likely is that the network admins have enabled client isolation on the Wi-Fi access points, so that your computer never sees other devices ARP queries even on the same subnet (the access point answers on behalf of the queried device), and similarly, other devices will never see your “spoofed” ARP responses. (Client isolation is used precisely to prevent someone from doing what youre trying to do.)

Thanks for contributing an answer to Super User!