Home page logo
/

basics logo Security Basics mailing list archives

RE: Arp spoffing question
From: "David Bonvillain" <DBonvillain () accuvant com>
Date: Wed, 7 Feb 2007 09:17:10 -0700

Agreed, Ettercap is the best practical example of ARP spoofing / ARP
cache poisoning techniques.

-
db


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Arjuna Scagnetto
Sent: Wednesday, February 07, 2007 8:46 AM
To: Juan B
Cc: security-basics () securityfocus com
Subject: Re: Arp spoffing question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I need to demonstrate Arp spoffing to my manager.
lets say that i have in the lab a pc names pc A a
Gateway and my pc-which is pc J.
I want that all the traffic from pc A and the Gateway
and vise versa will pass throw pc J. do I need to
connect PC J with two nic cards to the main switch or
with just one, as far as I understand I need to
connect it with 2 nics,am I wrong?

You can use only one ethernet card, try "ettercap" is a simple but
powerfull program to do this kind of job.

arpspoofing miniminiminihowto

PC J has jj:jj:jj:jj:jJ:JJ mac address for simplicity  jj::
PC A has aa:aa:aa:aa:aa:aa mac address  for simplicity aa::
GW has gw:gw:gw:gw:gw:gw mac address for simplicity    gw::

PC J tells to GW "this is my mac address aa::"
PC tells to PC a "this is my mac address gw::"

this kind of messages are allowed since there's the security hole in the
arp protocol it self.

look for ettercap with google you'll find many many interesting web
sites.

Arjuna
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFFyfRF7hNGJisFPxQRAgxBAKDWgCI62He7Ek0j3M0ui19xluzB0gCggbUE
W1wOIreVNZKSyIf+N9os71o=
=/LlN
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault