mailing list archives
RE: Arp spoffing question
From: "David Bonvillain" <DBonvillain () accuvant com>
Date: Wed, 7 Feb 2007 09:17:10 -0700
Agreed, Ettercap is the best practical example of ARP spoofing / ARP
cache poisoning techniques.
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Arjuna Scagnetto
Sent: Wednesday, February 07, 2007 8:46 AM
To: Juan B
Cc: security-basics () securityfocus com
Subject: Re: Arp spoffing question
-----BEGIN PGP SIGNED MESSAGE-----
I need to demonstrate Arp spoffing to my manager.
lets say that i have in the lab a pc names pc A a
Gateway and my pc-which is pc J.
I want that all the traffic from pc A and the Gateway
and vise versa will pass throw pc J. do I need to
connect PC J with two nic cards to the main switch or
with just one, as far as I understand I need to
connect it with 2 nics,am I wrong?
You can use only one ethernet card, try "ettercap" is a simple but
powerfull program to do this kind of job.
PC J has jj:jj:jj:jj:jJ:JJ mac address for simplicity jj::
PC A has aa:aa:aa:aa:aa:aa mac address for simplicity aa::
GW has gw:gw:gw:gw:gw:gw mac address for simplicity gw::
PC J tells to GW "this is my mac address aa::"
PC tells to PC a "this is my mac address gw::"
this kind of messages are allowed since there's the security hole in the
arp protocol it self.
look for ettercap with google you'll find many many interesting web
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
-----END PGP SIGNATURE-----
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.