Dnsspoof is a member of the Dsniff suite of tools and works similarly to arpspoof. It lets you forge DNS responses for a DNS server on the local network. DNS runs on the User Datagram Protocol (UDP), a connectionless protocol: a DNS client sends out a query and expects a response. The query is assigned a pseudo-random identification number, which must be present in the answer from the DNS server. When the answer arrives, the client only has to compare the two numbers: if they match, the answer is taken as valid; otherwise it is simply ignored. The DNS protocol relies on UDP for requests (TCP is used only for zone transfers, i.e. communications between DNS servers), which means it is easy to send a packet that appears to come from a fake IP, since there are no SYN/ACK sequence numbers (unlike TCP, UDP provides no minimum of protection against IP spoofing).
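As an added example (not code from the Dsniff suite or from this page), the Python below builds constructed DNS query and response messages, implements the client-side transaction-ID check described above, and adds the check a defender can run on the same traffic: two answers for one transaction ID that carry different addresses, which is the visible symptom of a forger on the LAN racing the real server. The host names, IP addresses (documentation ranges) and the ResolverMonitor class are all constructed for illustration.

```python
from __future__ import annotations
import struct

# --- Minimal DNS message builder (sample traffic is constructed, not captured) ---

def encode_name(name: str) -> bytes:
    """Encode a host name in DNS wire format: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid: int, name: str) -> bytes:
    """Standard A query: header (id, flags=RD, qdcount=1) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_response(txid: int, name: str, ip: str, ttl: int = 300) -> bytes:
    """Standard A response with one answer; the answer name is a compression
    pointer (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer

# --- Parser ---

def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_response(msg: bytes) -> tuple[int, list[str]]:
    """Return (transaction id, IPv4 addresses from the A records in the answer section)."""
    txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return txid, addrs

# --- Resolver-side ID check plus a conflict heuristic (constructed class) ---

class ResolverMonitor:
    """Tracks outstanding queries by transaction ID and classifies each answer.

    'accepted' : ID matches an outstanding query (the normal case, as in the text)
    'ignored'  : ID matches nothing we sent; a stub resolver drops it silently
    'conflict' : a second answer for an ID we already resolved, with different
                 addresses; one query, two competing answers is worth alerting on
    """
    def __init__(self) -> None:
        self.pending: dict[int, bytes] = {}      # txid -> query we sent
        self.resolved: dict[int, list[str]] = {} # txid -> addresses we accepted

    def send_query(self, query: bytes) -> None:
        txid = struct.unpack("!H", query[:2])[0]
        self.pending[txid] = query

    def receive(self, response: bytes) -> str:
        txid, addrs = parse_response(response)
        if txid in self.pending:
            del self.pending[txid]
            self.resolved[txid] = addrs
            return "accepted"
        if txid in self.resolved and self.resolved[txid] != addrs:
            return "conflict"
        return "ignored"

def demo() -> list[str]:
    """Constructed scenario: one query, a forged answer wins the race, the real one
    arrives second, then a stray answer with an unrelated ID."""
    mon = ResolverMonitor()
    mon.send_query(build_query(0x1A2B, "www.example.com"))
    return [
        mon.receive(build_response(0x1A2B, "www.example.com", "192.0.2.1")),     # forged, first
        mon.receive(build_response(0x1A2B, "www.example.com", "203.0.113.10")),  # legitimate, late
        mon.receive(build_response(0x9999, "www.example.com", "203.0.113.10")),  # wrong ID
    ]

if __name__ == "__main__":
    print(demo())
```

The "accepted" result for the forged answer is exactly the weakness the text describes: the client has only the 16-bit ID to go on, so whichever correctly numbered answer arrives first wins. The "conflict" result is what a passive sensor on the same segment (or a resolver that keeps answers briefly after resolving) can log; seeing it repeatedly for many IDs is a strong indicator of an active forger on the LAN.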
dnsspoof [-i interface] [-f hostsfile] [expression]
cyborg@cyborg:~$ sudo dnsspoof -f hosts host 192.168.1.40 and udp port 53
dnsspoof: listening on eth0 [host 192.168.1.40 and udp port 53]