mailing list archives
Re: Arp spoffing question
From: Dathan Bennett <dathan () shsu edu>
Date: Wed, 07 Feb 2007 10:30:10 -0600
Juan B wrote:
I need to demonstrate Arp spoffing to my manager.
lets say that i have in the lab a pc names pc A a
Gateway and my pc-which is pc J.
I want that all the traffic from pc A and the Gateway
and vise versa will pass throw pc J. do I need to
connect PC J with two nic cards to the main switch or
with just one, as far as I understand I need to
connect it with 2 nics,am I wrong?
Never Miss an Email
Stay connected with Yahoo! Mail on your mobile. Get started!
We do an ARP-spoofing lab every semester for our information assurance
students. Here's how we do it:
We used three boxes: source box (box A), intended destination (box B),
and man-in-the-middle (box C). They're all connected to the same
switch, and each has a single NIC. A and B are running Windows, and C
is running Linux.
Initially, A sends a message to B using the Windows Messaging service,
while C runs tcpdump. We demonstrate that the traffic between A and B
is never seen by C. Repeat for messages from B to A.
Then, we poison the ARP caches for A and B, and turn IP forwarding on on
box C (change the value of /proc/sys/net/ipv4/ip_forward to 1).
Now send another message from A to B (and B to A) and show that the
traffic is received by C.