Re: [PEN-TEST] Mac poisoning (was Re: [PEN-TEST] Replaying arbitrary packets)

[Matt Scarborough <vexversa () USA NET>]

> > Frank Knobbe escribió:
> > Or simply poison the victims ARP cache with the MAC address of your
> > station.

> Javier Fernandez-Sanguino Peña escribió:
>       BTW, I have been unable to find tools to do this besides dsniff (great
tool)
> and arp0c. Any tool for Windows NT? (preferably that does not need
rebooting,
> that is, does not use winpcap).

WinPcap 2.1 (± April 2001) can be dropped onto NT4 without rebooting. This is
true for nearly all WinPcap 2.1 enabled apps, thus allowing packet capture or
injection (with LibNetNT) without rebooting on NT4-5.
http://netgroup-serv.polito.it/windump/install/default.htm

Here I see Frank's Snarp on NT4 Server SP6a+ using WinPcap 2.1 spoofs ARP
without rebooting.

Matt 2001-05-09



____________________________________________________________________
Get free email and a permanent address at http://www.amexmail.com/?A=1