OK, to use this you need 2 interfaces in your Linux box, right? Can they both be in the same network (i.e. eth0 192.168.1.5, eth1 192.168.1.6)?
The goal here is to craft fake ARP replies to broadcast, right? To poison the MAC table of the victim AND the real gateway?
Pretend my MACs are as follows:
eth0 192.168.1.5 00:50:04:88:0B:47
eth1 192.168.1.6 00:B0:d0:86:E8:2B
I send one ARP reply that tells the victim: "the gateway can now be found at 00:50:04:88:0B:47". The attacker then sends another ARP reply out that tells the real gateway: "the victim can now be found at 00:B0:d0:86:E8:2B".
Then the victim starts sending me internet traffic (which I sniff). I then forward this traffic out of eth1 towards the real gateway. When the real gateway responds, he will be sending the data to my eth1, which I will forward out my eth0 to the victim.
Hence they are none the wiser. Is this correct?
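
On the wire, the two forged replies described in the post above appear as an IP address that was already bound to one MAC suddenly being claimed by another. The following is an added example, not part of the original post: it decodes raw ARP payloads and flags such rebinds. The gateway at 192.168.1.1, the victim at 192.168.1.10, their 02:00:... MACs and all function names are constructed assumptions.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4, 28 bytes
ARP_REPLY = 2

def parse_arp(payload):
    """Decode an ARP payload; return None if truncated or not Ethernet/IPv4."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)

def find_rebinds(payloads):
    """Return (ip, old_mac, new_mac) for every reply that moves an IP to a new MAC."""
    seen, alerts = {}, []
    for raw in payloads:
        arp = parse_arp(raw)
        if arp is None or arp[0] != ARP_REPLY:
            continue
        _, ip, mac = arp
        if ip in seen and seen[ip] != mac:
            alerts.append((ip, seen[ip], mac))
        seen[ip] = mac
    return alerts

def sample_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build constructed sample bytes for the demo (nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       mac(sender_mac), socket.inet_aton(sender_ip),
                       mac(target_mac), socket.inet_aton(target_ip))

# Constructed capture: gateway 192.168.1.1 and victim 192.168.1.10 are assumed.
GW, VICTIM = ("02:00:00:00:00:01", "192.168.1.1"), ("02:00:00:00:00:10", "192.168.1.10")
SAMPLE = [
    sample_reply(*GW, *VICTIM),                          # genuine gateway reply
    sample_reply(*VICTIM, *GW),                          # genuine victim reply
    b"\x00\x01\x08\x00",                                 # truncated payload, skipped
    sample_reply("00:50:04:88:0B:47", GW[1], *VICTIM),   # eth0 MAC claims gateway IP
    sample_reply("00:B0:d0:86:E8:2B", VICTIM[1], *GW),   # eth1 MAC claims victim IP
]

if __name__ == "__main__":
    for ip, old, new in find_rebinds(SAMPLE):
        print(f"ALERT {ip} moved from {old} to {new}")
```

A rebind is a signal to investigate rather than proof of spoofing, since a NIC replacement or a failover also changes a binding.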