July 24th, 2003 04:42 AM
Sniffing switchs with spoofed arp messages..
Alright I have been trying to sniff my LAN at my house. The LAN consists of 4 computers.(STD, WINXPPRO, WIN2000, WINXPHOME) One computer's NIC is plugged into DSL along with its other NIC plugged into the switch, which leads to the 3 other computers.
Ive been reading about sniffing switched networks with spoofed arp messages. What needs to be done is I need to make the "attacking machine" use ip forwarding.
Well my attacking machine is Knoppix-std(I know, not many ppl like this distro). All I know how to do is enable IP forwarding by issueing, echo > 1 /proc/sys/net/ipv4/ip_forward. Thus making the machine forward traffic. But it will do just that, and no more.
THIS IS THE SCENARIO:::
I want all traffic that comes through the switch to my computer be forwarded to the gateway. Arpspoof will change the MAC entrys in the victims ARP table, making it think the std box is the gateway. So all traffic will be sent to STD to be sniffed then forwarded to the gateway. However I can't get STD to forward the victims requests, thus shutting out the victim.
How do I get the STD box to forward the victims traffic, is there a file to vi other then ip_forward? Any good tuts out there on this topic?
mind my sp