Sniffing switchs with spoofed arp messages..
Results 1 to 6 of 6

Thread: Sniffing switchs with spoofed arp messages..

  1. #1
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167

    Sniffing switchs with spoofed arp messages..

    Alright I have been trying to sniff my LAN at my house. The LAN consists of 4 computers.(STD, WINXPPRO, WIN2000, WINXPHOME) One computer's NIC is plugged into DSL along with its other NIC plugged into the switch, which leads to the 3 other computers.

    Ive been reading about sniffing switched networks with spoofed arp messages. What needs to be done is I need to make the "attacking machine" use ip forwarding.

    Well my attacking machine is Knoppix-std(I know, not many ppl like this distro). All I know how to do is enable IP forwarding by issueing, echo > 1 /proc/sys/net/ipv4/ip_forward. Thus making the machine forward traffic. But it will do just that, and no more.

    THIS IS THE SCENARIO:::
    I want all traffic that comes through the switch to my computer be forwarded to the gateway. Arpspoof will change the MAC entrys in the victims ARP table, making it think the std box is the gateway. So all traffic will be sent to STD to be sniffed then forwarded to the gateway. However I can't get STD to forward the victims requests, thus shutting out the victim.

    How do I get the STD box to forward the victims traffic, is there a file to vi other then ip_forward? Any good tuts out there on this topic?

    Thanks fellas,
    mind my sp

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    I don't think you really need to redirect all that traffic...

    If you want to sniff your switched lan... look into ettercap or another sniffer that will do the same thing.

    It is included in the distro you are using.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    is that active sniffing?

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Well, without the plugins... it is passive.

    There are plugins which make it active. That will allow you to flood, kill, etc.

    The docs on the ettercap site will give you all of the abilities for it.

    It is really a cool sniffer. One of my favorite tools lately...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    quote from http://ettercap.sourceforge.net/
    It supports active and passive dissection
    Read phishphreek80's post and the link he provided you. He wasn't posting just for fun, really.

  6. #6
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    Alright thanks man.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides