Penetration Testing mailing list archives
Re: [PEN-TEST] Arp Spoofing under WinNT 4.0
From: Frank Knobbe <FKnobbe () KNOBBEITS COM>
Date: Wed, 31 Jan 2001 20:37:45 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I developed a little command line tool called snarp that allows you to sniff traffic between two machines on a switched network. It does so by poisoning the arp caches on two targets and relaying traffic between them. It runs great under NT 4 (requires the WinPCap driver and LibNetNT.dll). It currently does not run under Win2K. I'm still trying to figure out (if I ever get some spare time) why even a simple malloc or free crashes the process... Email me offline if you like a copy of it. I have not released it yet since I wanted to get some feedback back from testers and get the W2K issues worked out. Regards, Frank
-----Original Message----- From: Fabio Pietrosanti [mailto:naif () SIKUREZZA ORG] Sent: Wednesday, January 31, 2001 5:42 AM Hi, I'm doing a pen test, and i got access to an NT server on which i would like to place a sniffer. I've tried buttsniff and then Dsniff using WinPcap, but i notice that they are on a switched network, so i have two solutions: 1) Flood the switch of random mac address so his table will'be filled and the switch will operate in bride mode 2) do arp spoofing so i could intercept all packet destinated to the host of which traffic i need to sniff. On unix there are many tools, but on WinNT 4.0 with WinPcap there are some tools for "arp spoofing" ? Thanks a lot Best Regards naif naif () sikurezza org
-----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME encrypted email preferred. iQA/AwUBOnjL+JytSsEygtEFEQIe1wCeIqIiMTVX1Iq6vGYQMVqqDDsqNHcAoK6A f+L2vhgBgd57pCjIM0T6nlHH =Jttt -----END PGP SIGNATURE-----
Current thread:
- Re: [PEN-TEST] Arp Spoofing under WinNT 4.0 Frank Knobbe (Jan 31)
- <Possible follow-ups>
- Re: [PEN-TEST] Arp Spoofing under WinNT 4.0 Cleary, Tom (Jan 31)
- Re: [PEN-TEST] Arp Spoofing under WinNT 4.0 Wojciech Dworakowski (Feb 01)
- Re: [PEN-TEST] Arp Spoofing under WinNT 4.0 y0ni (Feb 01)