Hi,

I have a home network, and this is kept together by a Linksys WAG54G-UK v1.2. Now, I've been following Irongeek's (amazing) tut on "A Quick Intro to Sniffers" - but I've encountered a few problems.

Firstly, I'll explain about my network: I currently have my Windows laptop connected via an ethernet cable (to make sure Knoppix-StD will be able to access the network - this is the computer I do the spoofing from) to my router, and an iMac G5 connected to the router via wireless. I tried using Ethereal (while on Windows) to detect the packets coming from the Mac as I accessed a website on it, but that didn't work - so I'm guessing this means that it's a switch.

OK, I then booted up Knoppix-StD on my M$ laptop, and checked that the ethernet connection was working - the internet could be accessed, and I was able to ping the iMac (at 192.168.1.101). So, I then went into terminal and typed "echo 1 > /proc/sys/net/ipv4/ip_forward" as the tut says (this, for those who don't know, enables packet forwarding). My laptop's IP address is 192.168.1.100.

I then did:
Code:
arpspoof -t 192.168.1.1 192.168.1.2 & >/dev/null
0:f:b0:1:52:e5 0:12:17:df:56:61 0806 42: arp reply 192.168.1.2 is-at 0:f:b0:1:52:e5
0:f:b0:1:52:e5 0:12:17:df:56:61 0806 42: arp reply 192.168.1.2 is-at 0:f:b0:1:52:e5
0:f:b0:1:52:e5 0:12:17:df:56:61 0806 42: arp reply 192.168.1.2 is-at 0:f:b0:1:52:e5
...
These lines kept on being printed! So much for keeping it in one shell! lol

I then opened up another shell and typed in:
Code:
arpspoof -t 192.168.1.2 192.168.1.1 & >/dev/null
0:f:b0:1:52:e5 0:0:0:0:0:0 0806 42: arp reply 192.168.1.1 is-at 0:f:b0:1:52:e5
0:f:b0:1:52:e5 0:0:0:0:0:0 0806 42: arp reply 192.168.1.1 is-at 0:f:b0:1:52:e5
0:f:b0:1:52:e5 0:0:0:0:0:0 0806 42: arp reply 192.168.1.1 is-at 0:f:b0:1:52:e5
...
These lines also kept being printed... So, I assumed that it was working.

I then opened up a third shell, and typed in: "dsniff". This returned the standard "Sniffing packets on eth0" (or something similar to that - I forgot to save it), but nothing else came up. I even went onto my Mac and started uploading things to sites via FTP, accessing webmail accounts, but nothing showed up.

As I thought that was quite odd, I opened up Ethereal, and started capturing packets. (I saved the packet capture file - it can be found on my site here). There are lots of ARP packets, but I received no TCP ones (from the Mac) and I also received some other odd packets. Could someone please tell me what I am doing wrong? I would really appreciate any help! Thanks in advance,

J_K9

P.S. For those of you who've looked at the Ethereal packet capture file - 192.168.1.106 is a desktop which sometimes connects via wireless (it has a static IP address), but isn't connected at the moment.
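
Added example (not part of the original post): a Python check that parses ARP reply lines in the format shown above and reports any MAC address answering for more than one IP, and any IP answered for by more than one MAC, which are the two signs a monitoring host would see on this network. The first two sample lines are copied from the post's output; the third, a reply carrying the other MAC for 192.168.1.1, is constructed, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Line format printed in the post:
#   <src mac> <dst mac> 0806 42: arp reply <ip> is-at <mac>
MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
ARP_REPLY = re.compile(
    rf"^{MAC} {MAC} 0806 \d+: "
    rf"arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>{MAC})$",
    re.IGNORECASE,
)

SAMPLE = [
    # Copied from the output in the post.
    "0:f:b0:1:52:e5 0:12:17:df:56:61 0806 42: arp reply 192.168.1.2 is-at 0:f:b0:1:52:e5",
    "0:f:b0:1:52:e5 0:0:0:0:0:0 0806 42: arp reply 192.168.1.1 is-at 0:f:b0:1:52:e5",
    # Constructed: 192.168.1.1 answered for by a second MAC.
    "0:12:17:df:56:61 0:f:b0:1:52:e5 0806 42: arp reply 192.168.1.1 is-at 0:12:17:df:56:61",
    "...",  # lines that are not ARP replies are skipped
]

def norm_mac(mac):
    """Zero-pad each octet so 0:f:b0:1:52:e5 equals 00:0f:b0:01:52:e5."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse(lines):
    """Yield (ip, claimed_mac) for every ARP reply line."""
    for line in lines:
        m = ARP_REPLY.match(line.strip())
        if m:
            yield m["ip"], norm_mac(m["mac"])

def macs_claiming_many_ips(lines):
    """Return {mac: sorted IPs} for each MAC that answers for several IPs."""
    claims = defaultdict(set)
    for ip, mac in parse(lines):
        claims[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}

def ips_claimed_by_many_macs(lines):
    """Return {ip: sorted MACs} for each IP that several MACs answer for."""
    claims = defaultdict(set)
    for ip, mac in parse(lines):
        claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

if __name__ == "__main__":
    print("MAC answering for several IPs:", macs_claiming_many_ips(SAMPLE))
    print("IP answered by several MACs:", ips_claimed_by_many_macs(SAMPLE))
```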