Security Basics mailing list archives
Re: Arp spoffing question
From: Dathan Bennett <dathan () shsu edu>
Date: Wed, 07 Feb 2007 10:30:10 -0600
Juan B wrote:
Hi, I need to demonstrate Arp spoffing to my manager. lets say that i have in the lab a pc names pc A a Gateway and my pc-which is pc J. I want that all the traffic from pc A and the Gateway and vise versa will pass throw pc J. do I need to connect PC J with two nic cards to the main switch or with just one, as far as I understand I need to connect it with 2 nics,am I wrong? Thanks, Juan____________________________________________________________________________________Never Miss an Email Stay connected with Yahoo! Mail on your mobile. Get started! http://mobile.yahoo.com/services?promote=mail
Juan,We do an ARP-spoofing lab every semester for our information assurance students. Here's how we do it: We used three boxes: source box (box A), intended destination (box B), and man-in-the-middle (box C). They're all connected to the same switch, and each has a single NIC. A and B are running Windows, and C is running Linux. Initially, A sends a message to B using the Windows Messaging service, while C runs tcpdump. We demonstrate that the traffic between A and B is never seen by C. Repeat for messages from B to A. Then, we poison the ARP caches for A and B, and turn IP forwarding on on box C (change the value of /proc/sys/net/ipv4/ip_forward to 1). Now send another message from A to B (and B to A) and show that the traffic is received by C.
~Dathan
Current thread:
- Arp spoffing question Juan B (Feb 07)
- Re: Arp spoffing question Arjuna Scagnetto (Feb 07)
- AW: Arp spoffing question Raimar Melchior (Feb 07)
- RE: Arp spoofing question Mohammad Jouni (Feb 07)
- Re: Arp spoffing question Dathan Bennett (Feb 07)
- Re: Arp spoffing question Deian Stefan (Feb 07)
- Re: Arp spoffing question crazy frog crazy frog (Feb 08)
- <Possible follow-ups>
- Re: Arp spoffing question hackman (Feb 07)
- RE: Arp spoffing question David Bonvillain (Feb 07)