issue i ran into
had 3 virtualbox vms
1.) linux running python SimpleHTTPServer, simulates a website, network set to "internal network"
2.) windows accessing the linux website in #1 above, simulates the victim, network set to "internal network"
3.) kali running bettercap, arp.spoof.targets = linux server #1 above and windows #2 above, will do MiTM (man-in-the-middle) against the 2 systems above, network set to "internal network"
Issue I ran into is that with ettercap (no 'b') it worked great, I could see the traffic going from windows box to linux web server ... BUT with bettercap the arp spoof seemed to work but the traffic was nowhere to be found when using tools like "net.sniff" or "https.proxy" on bettercap.
By default ettercap (no 'b') captures all traffic (local & external)
By default bettercap only captures external traffic & ignores local to local traffic
set arp.spoof.internal true
set net.sniff.local true
The enables capture of internal traffic and now I started seeing it!