Cain Arp poisoning prob...
Results 1 to 9 of 9

Thread: Cain Arp poisoning prob...

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    6

    Cain Arp poisoning prob...

    hello all
    i wz trying Cain's arp poisoing n when i see the arp entries on the computer i'm tryin to poision it shows me the sniffer computers mac(hence arp poision success) but i'm not able to communicate or do anything from the poisoned computer. i tried settin up an ftp server in my subnet n the poisoned node wasn't even able to communicate to that ftp server. what could be the problem, are the packets being discarded by the sniffer computer???

    thanx

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    What kind of device are the arps going through? a small hub/switch? Some devices don't take well to that kind of activity and will "crap out".
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Sounds like more arp destroying that poisoning. Arp poisoning works by kind of cunfusing the network and routing information through a poisoning device before it is properly sent on its way to the correct machines. What are you trying to accomplish by "trying to communicate with the ftp server"? Or you trying to intercept packets going between machines and the ftp server? Or just doing the posioning and trying to connect to the ftp server. If you are trying to connect to stuff from the posioned computer and you are failing, then the posioning is busted, or hardware is crapping out, else it would route packets correctly, just as if there was no poisoning going on.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  4. #4
    Senior Member
    Join Date
    Jul 2003
    Posts
    166
    I have 3 pcs in my lan that are connected through 4port switch. I tried cain's arp poison too, but the sniffer didn't catch any packets between the other 2 pcs. Is that mean that my network is secure and protected form this kind ot attack or there is another problem ?
    BGDevS
    [gloworange]www.peaksoft.info [/gloworange]

  5. #5
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I would look in to how a switch works first buddy, it will only send the data packet out the port that has the same MAC address as what is in the desintation MAC address field of the packets header. So what you need to do is either trick the host in to sending the data to your [spoofed] MAC address or find a way to place the receiving host in to a denial of service state then spoof your MAC to be the same as his........good luck!

    Key are some good keywords to get you started with google:

    TCP Hijacking
    MAC spoofing
    switch works
    ARP poisoning

    Maybe check this out too:

    http://www.antionline.com/showthread...hreadid=274435
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    166
    I did it. I got this result with spoofed IP and MAC and I use the pre-poison option to be a bridge between the other 2 pcs and the switch
    BGDevS
    [gloworange]www.peaksoft.info [/gloworange]

  7. #7
    Senior Member
    Join Date
    Jul 2003
    Posts
    166
    I see now (with arp -a) that the IP that I use to spoof with cain has an invalid MAC which is 00:00:00 ...and it must be 11:22:33 ...
    BGDevS
    [gloworange]www.peaksoft.info [/gloworange]

  8. #8
    Junior Member
    Join Date
    Oct 2002
    Posts
    6
    sorry guyz, wz away
    so i did try pre-poison, doesn't work, i did it between 3 pcs in my lab (connected to the main network though to the gateway), (puttin one as ftp server, one with Cain doing the poisionin and 3rd being the victim tryin to communicate to the ftp) doesn't work, the arp entries are being poisoned successfully, but no packets get to the Sniffer, the requests jus time out.

  9. #9
    Member
    Join Date
    Nov 2004
    Posts
    71
    Do you have your network card in Promiscuous mode? If it isn't then it will drop all packets not aimed at your IP address. If you seem to have it in Promiscuous mode, does your Network Card support it? I believe (but don't quote me on this) that some cards don't support promiscuous mode.
    If everything looks perfect, then there is something you don\'t know

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides