To see result in tcpdump or in wirelshark as being a kali attacker

machine, you have to make the ipv4 forward be true. To do so,

type in terminal:
1) “sysctl -w net.ipv4_forward=1”, then press enter. It is the
command that allows the flow of packets through your computer.

2) Or,
you might also want to check the file which you were changing for
the “ipv4”, therefore type this command in a terminal to see its
state first before changing it (this command below does the same
task as in step1):

“cat /proc/sys/net/ipv4/ip_forward” and press enter to read its

content (of course without quotes). If the value is “0”, then you
need to change it to “1”. Thus, type “echo 1 >
/proc/sys/net/ipv4/ip_forward”, and press enter.

3) Now, you can lunch Wireshark by typing “wireshard -G”, go

directly to your Kali applications and lunch it. Or, you can lunch
“tcpdump” as well by typing “tcpdump -i Your_interface (eth0, or
wlan…) -n port 80 and host Victim_IP_addr”. Eg: “tcpdump -i eth0
-n port 80 and host 192.168.134”, and press enter.

4) Now you can start your Ettercap, scan the host, choose your
victim IP and add as target2, and the router gateway IP_addr as
target1.    Start “sniffing Unified” first. Verify your “host list”, then
go to MITM, and choose “ARP_poisoining”. And the Mac_addr of
your victim will change automatically and take the Mac_addr of
the Kali attacker machine.
So, bear in mind as a great attacker to change your Mac_addr
first. You can do so using macchanger command in terminal.

Acting like that, we say to the victim “hey, I am    the router; and
you should pass your traffic through me”.
5) This website is a testing site for credentials input to verify in our
MITM via ettercap kali machine,
“testing-ground.scraping.pro/login”. If you want to monitor all the
devices in a specific environment, you can set the gateway as
being the target 1, and select all the other IP_addrs as the target
2.

6) If you want if you are really in the middle (as being the attacker
if you have access to some of the target devices), you can go to
“cmd” in a windows machine for example, and type “arp -a”, and
press “enter”. Your windows mac_addr will take the mac_addr of
the attacker machine. Likewise a victim might if he got monitored
by that mac_addr attacker, if the victim knew/kept before his real
mac_addr. When the attack is stopped, the victim’s device will
take its original mac_addr back.