Penetration Testing mailing list archives
Re: Arp spoofing & dsniff
From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 6 May 2002 12:24:57 -0600 (MDT)
On Mon, 6 May 2002, kumar mahadevan wrote:
If I am on a Switched network and I change my MAC address on my RH 7 box to the victim's (using IFCONFIG). Now, how do I capture say for e.g Telnet sessions between the victim and a server running telnet service.
If you change your MAC address to be that of the victim (the box in the same broadcast domain as your attacking machine) then you will be fighting the victim for control of the MAC address in the switch. The switch will alternately think that that MAC address is in one port, then another, as frames come in with that as a source address. In general, you'll just make the victim unable to communicate, and yuo won't be able to monitor most of the traffic.
I don't want to ARP cache poison nor MAC flood the switch.
Then your best bet is to poison the ARP cache on the victim, to make it think you're the other box, or the router. Configure your box to forward the packets so you don't break the communications. Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Arp spoofing & dsniff Vs Metal (May 05)
- Re: Arp spoofing & dsniff Michael Thumann (May 05)
- Re: Arp spoofing & dsniff Daniel Polombo (May 06)
- Re: Arp spoofing & dsniff kumar mahadevan (May 06)
- Re: Arp spoofing & dsniff Ryan Russell (May 06)
- Re: Arp spoofing & dsniff kumar mahadevan (May 06)
- Re: Arp spoofing & dsniff Ryan Russell (May 06)
- Re: Arp spoofing & dsniff Sumit Dhar (May 07)
- Re: Arp spoofing & dsniff kumar mahadevan (May 06)
- Re: Arp spoofing & dsniff Sumit Dhar (May 06)
- Re: Arp spoofing & dsniff The D (May 10)
- <Possible follow-ups>
- Re: Arp spoofing & dsniff Sumit Dhar (May 07)
- Re: Arp spoofing & dsniff jsyn (May 09)
- Re: Arp spoofing & dsniff woof (May 13)
- Re: Arp spoofing & dsniff miguel . dilaj (May 09)