Re: Arp spoffing question

[Dathan Bennett <dathan () shsu edu>]

Juan B wrote:
> Hi,
>
> I need to demonstrate Arp spoffing to my manager.
> lets say that i have in the lab a pc names pc A a
> Gateway and my pc-which is pc J.
> I want that all the traffic from pc A and the Gateway
> and vise versa will pass throw pc J. do I need to
> connect PC J with two nic cards to the main switch or
> with just one, as far as I understand I need to
> connect it with 2 nics,am I wrong?
>
> Thanks,
>
> Juan
>
>
>  
> ____________________________________________________________________________________
> Never Miss an Email
> Stay connected with Yahoo! Mail on your mobile.  Get started!
> http://mobile.yahoo.com/services?promote=mail
>   

Juan,

We do an ARP-spoofing lab every semester for our information assurance 
students.  Here's how we do it:
We used three boxes: source box (box A), intended destination (box B), 
and man-in-the-middle (box C).  They're all connected to the same 
switch, and each has a single NIC.  A and B are running Windows, and C 
is running Linux.
Initially, A sends a message to B using the Windows Messaging service, 
while C runs tcpdump.  We demonstrate that the traffic between A and B 
is never seen by C.  Repeat for messages from B to A.
Then, we poison the ARP caches for A and B, and turn IP forwarding on on 
box C (change the value of /proc/sys/net/ipv4/ip_forward to 1).
Now send another message from A to B (and B to A) and show that the 
traffic is received by C.

~Dathan