Penetration Testing mailing list archives

arpspoofing


From: "Erlend J. Leiknes" <nookie () online no>
Date: Tue, 5 Feb 2002 20:00:44 +0100

I'm testing a network for clear-text password leakage. (Unencrypted
protocols)
Since it's a switched environment I have to arpspoof or macflood.
Macflooding had no success, shouldn't the switches be degraded to hubs when
their mac-tables get filled?

And when I arpspoof using the redirecting data from the gateway to the
laptop, pings won't get through, and I sent some clear text on purpose from
machines that had gotten their arp table poisoned. Still it seemed like it
didn't work too well.

The question is:

if arp -a (on windows 98) shows:
Interface: x.x.x.204 --- 0x2
  Internet Address      Physical Address      Type
  x.x.x.1           00-10-14-26-60-38     dynamic
  x.x.x.5           00-50-da-37-93-5b     dynamic
  x.x.x.6           00-50-da-37-93-5b     dynamic

who will receive the packages: 5, 6 or both?

Any other ways to sniff in a switched environment?
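
Added example, not part of the original post: a defender-side check that parses `arp -a` output in the Windows format quoted above and reports any MAC address claimed by more than one address, which is the pattern the table shows for .5 and .6. The function names and the `gateway` parameter are hypothetical; the sample is the post's own table with its redacted addresses left as they are.

```python
import re
from collections import defaultdict

# Windows `arp -a` entry line: address, MAC (dash- or colon-separated), type.
ENTRY = re.compile(
    r"^\s*(\S+)\s+([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)\s*$")

# The table quoted in the post, verbatim (addresses redacted by the poster).
SAMPLE = """\
Interface: x.x.x.204 --- 0x2
  Internet Address      Physical Address      Type
  x.x.x.1           00-10-14-26-60-38     dynamic
  x.x.x.5           00-50-da-37-93-5b     dynamic
  x.x.x.6           00-50-da-37-93-5b     dynamic
"""


def parse_arp_table(text):
    """Return (address, normalised_mac, entry_type) for each entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            addr, mac, kind = m.groups()
            entries.append((addr, mac.lower().replace("-", ":"), kind.lower()))
    return entries


def shared_macs(entries, gateway=None):
    """Return {mac: finding} for every MAC claimed by two or more addresses.

    `gateway` (hypothetical parameter) is the expected default-gateway address;
    a hit that includes it is marked "high", any other hit "review".
    """
    by_mac = defaultdict(set)
    for addr, mac, _kind in entries:
        by_mac[mac].add(addr)
    findings = {}
    for mac, addrs in by_mac.items():
        if len(addrs) > 1:
            severity = "high" if gateway in addrs else "review"
            findings[mac] = {"addresses": sorted(addrs), "severity": severity}
    return findings


if __name__ == "__main__":
    for mac, f in shared_macs(parse_arp_table(SAMPLE), gateway="x.x.x.1").items():
        print(f"{mac} claimed by {', '.join(f['addresses'])} [{f['severity']}]")
```

A MAC shared by several addresses is also normal for a host with multiple IPs on one interface or for a proxy-ARP router, so a "review" hit is a lead to verify against the switch's port table rather than proof of spoofing.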

