First of all, we need two virtual machine to do the sniffing which are the first virtual machine as the attacker and the second virtual machine target. There are the step to sniffing :

1. We need to know both IP address which type ifconfig in command line

2. After that, type tcpdump –vvn –i eth0 host 192.168.0.12 –w andi.pcap and it will appear like this

3. Go to second virtual machine to open the website until we got the traffic

4. Go to folder, it will find the andi.pcap folder and open it

5. Finally, it will appear like this, The protocol it should be ARP