First let me state it's 4:30am and I'm working on my 2nd 2-liter of Mt Dew, so if I misspell something or I'm unclear, I'm sorry.
I'm working with the latest copy of BackTrack and experimenting on my own network. BackTrack is running on a laptop that is connected via ath0 to a WRT54G that is the DHCP/gateway. From that gateway a wire runs to a 10/100/100 Netgear 5-port switch, and my desktop is connected to that, running winder$ xp (no, that's not a spelling mistake).
I'm trying to ARP spoof the network so I can understand how to MITM HTTPS for a paper I am writing for school on network security.
My network is based on the 192.168.1.1
If I type
arpspoof -t 192.168.1.106 192.168.1.101
.106 = windows box
.101 = backtrack
I get an error
that says it "couldn't arp for host"
I did a search and all I found was something saying I was trying to spoof on a different subnet, even though I'm not. If I use Ettercap everything works fine....
Any ideas? Thank you -TheX1le
September 26th, 2006, 08:37 PM
Did you set up ip forwarding?
echo 1 > /proc/sys/net/ipv4/ip_forward
September 26th, 2006, 08:44 PM
Wait, I noticed you said ath0. Is that your wireless interface? And if so, is it in monitor or managed mode?
September 26th, 2006, 08:45 PM
Oh, and also try ARP spoofing the entire network and don't specify the target. I would be curious if you get the same results.
September 26th, 2006, 09:22 PM
Linux Commando, thank you very much for your help.
ath0 is set to managed mode. I shouldn't have to put it into monitor because I want to connect up to the router, not grab packets.
I did not set echo 1 > /proc/sys/net/ipv4/ip_forward because I was running fragrouter -B1 and I think that should forward all traffic, does it not?
I tried setting arpspoof 192.168.1.1 (#gateway address) 192.168.1.255 but got the same result. I will try again this evening.
September 26th, 2006, 10:28 PM
You need to edit the arp.c source. There is a function arp_cache_lookup that won't use the correct interface. So in arp.c you need to change:
strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev));
to:
strncpy(ar.arp_dev, "ath0", sizeof(ar.arp_dev));
From there you just have to recompile the code. Then it will work like a champ. If you have any other questions let me know.
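An added example, not part of the thread and not dsniff's own code: on Linux the ARP cache is read with the SIOCGARP ioctl, and the request names the interface in arp_dev, so a name that does not match the machine's interface makes the lookup fail. The function names are hypothetical; 192.168.1.106 and ath0 are the values from the thread.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: fill a SIOCGARP request for ip on ifname; -1 on bad input. */
int build_arp_request(struct arpreq *ar, const char *ip, const char *ifname)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)&ar->arp_pa;

    if (strlen(ifname) >= sizeof(ar->arp_dev))
        return -1;                  /* refuse to truncate the interface name */
    memset(ar, 0, sizeof(*ar));
    sin->sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &sin->sin_addr) != 1)
        return -1;
    strcpy(ar->arp_dev, ifname);    /* length checked above */
    return 0;
}

/* Copy the cached MAC for ip on ifname into mac; -1 with errno set on a miss. */
int arp_cache_lookup_on(const char *ip, const char *ifname, unsigned char mac[6])
{
    struct arpreq ar;
    int sock, rc, saved;

    if (build_arp_request(&ar, ip, ifname) < 0) { errno = EINVAL; return -1; }
    if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    rc = ioctl(sock, SIOCGARP, &ar);
    saved = errno;                  /* close() may overwrite errno */
    close(sock);
    errno = saved;
    if (rc < 0) return -1;          /* ENODEV: no such interface; ENXIO: no entry */
    memcpy(mac, ar.arp_ha.sa_data, 6);
    return 0;
}

int main(int argc, char **argv)
{
    unsigned char m[6];
    const char *ip = argc > 1 ? argv[1] : "192.168.1.106";
    const char *ifname = argc > 2 ? argv[2] : "ath0";

    if (arp_cache_lookup_on(ip, ifname, m) < 0) { perror("SIOCGARP"); return 1; }
    printf("%s is at %02x:%02x:%02x:%02x:%02x:%02x on %s\n",
           ip, m[0], m[1], m[2], m[3], m[4], m[5], ifname);
    return 0;
}
```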
September 26th, 2006, 11:11 PM
Are you saying I need to do that even if I use the -i switch, which lets you pick which interface to run on? And also, was I correct in my thinking that fragrouter is forwarding all traffic? Thank you for all your help.
September 26th, 2006, 11:16 PM
Yes, Fragroute should forward all your traffic.
Also, the -i should work. But there was a problem with a few versions where even doing -i wlan or -i ath0 wouldn't work. In that case you actually need to change the code.
September 27th, 2006, 04:30 AM
OK, so I have spent the last half hour messing with this. I'm running this on a 3-year-old Alienware notebook with a 2.8ht P4 and using a WAG511 Netgear wifi card. If I run Ettercap with an ARP attack everything works great; I have snarfed all my passwords. I'm running BackTrack and the -V of dsniff is 2.4. Now I went to the author's site and the latest edition is 2.3, but he has a 2.4b1 beta; I think that this is what they are using. I downloaded the beta and made the changes you suggested; however, make throws an error dealing with arpspoof. I contemplated piping it to a file but I didn't think of it till afterwards. I'm thinking that it's a problem with the wifi. I don't have a NIC on this computer, it's broken, so I'm gonna try to scare up a PCMCIA NIC to test it out. I tried it on a friend's network, his is 192.168.50.1, and it was odd: it just kept displaying the syntax like it didn't like the .50 octet. Any ideas where I'm going wrong? I'm thinking it may be a problem with the program itself. Thanks LinuxComando
September 27th, 2006, 10:53 AM
When you changed arp.c above, did you recompile dsniff like you did the first time?