Home page logo
/

basics logo Security Basics mailing list archives

Re: Arp spoffing question
From: Dathan Bennett <dathan () shsu edu>
Date: Wed, 07 Feb 2007 10:30:10 -0600

Juan B wrote:
Hi,

I need to demonstrate Arp spoffing to my manager.
lets say that i have in the lab a pc names pc A a
Gateway and my pc-which is pc J.
I want that all the traffic from pc A and the Gateway
and vise versa will pass throw pc J. do I need to
connect PC J with two nic cards to the main switch or
with just one, as far as I understand I need to
connect it with 2 nics,am I wrong?

Thanks,

Juan


____________________________________________________________________________________
Never Miss an Email
Stay connected with Yahoo! Mail on your mobile.  Get started!
http://mobile.yahoo.com/services?promote=mail

Juan,

We do an ARP-spoofing lab every semester for our information assurance students. Here's how we do it: We used three boxes: source box (box A), intended destination (box B), and man-in-the-middle (box C). They're all connected to the same switch, and each has a single NIC. A and B are running Windows, and C is running Linux. Initially, A sends a message to B using the Windows Messaging service, while C runs tcpdump. We demonstrate that the traffic between A and B is never seen by C. Repeat for messages from B to A. Then, we poison the ARP caches for A and B, and turn IP forwarding on on box C (change the value of /proc/sys/net/ipv4/ip_forward to 1). Now send another message from A to B (and B to A) and show that the traffic is received by C.

~Dathan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]