Irongeek put together a simple program for monitoring network shenanigans when you’re on an untrusted network like the coffee shop. It sits in the Windows Systray and notifies you about a variety of events. It alerts you when it sees the MAC address of the IP gateway change. It watches the security log and warns you of any attempted or successful logins. The firewall log is also monitered. Try it out and send him any bug reports/feature requests you might have.
[IronGeek] has published his latest video how-to: DNS Spoofing with Ettercap. Ettercap is designed specifically to perform man in the middle attacks on your local network. It can do ARP poisoning, collect passwords, fingerprint OSes, and content filtering. For DNS spoofing, you just need to edit a config file that defines which domains resolve to which IP addresses. You can use wildcards for the domains. In the video, he uses Linux because the network interfaces are easier to remember. Once you’re done playing with DNS spoofing, remember to flush your local cache otherwise your browser will continue to go to the wrong IP.