Cain Arp poisoning prob...

[sar]

hello all
i wz trying Cain's arp poisoing n when i see the arp entries on the computer i'm tryin to poision it shows me the sniffer computers mac(hence arp poision success) but i'm not able to communicate or do anything from the poisoned computer. i tried settin up an ftp server in my subnet n the poisoned node wasn't even able to communicate to that ftp server. what could be the problem, are the packets being discarded by the sniffer computer???

thanx

[MrLinus]

What kind of device are the arps going through? a small hub/switch? Some devices don't take well to that kind of activity and will "crap out".

[kr5kernel]

Sounds like more arp destroying that poisoning. Arp poisoning works by kind of cunfusing the network and routing information through a poisoning device before it is properly sent on its way to the correct machines. What are you trying to accomplish by "trying to communicate with the ftp server"? Or you trying to intercept packets going between machines and the ftp server? Or just doing the posioning and trying to connect to the ftp server. If you are trying to connect to stuff from the posioned computer and you are failing, then the posioning is busted, or hardware is crapping out, else it would route packets correctly, just as if there was no poisoning going on.

[Barov4e]

I have 3 pcs in my lan that are connected through 4port switch. I tried cain's arp poison too, but the sniffer didn't catch any packets between the other 2 pcs. Is that mean that my network is secure and protected form this kind ot attack or there is another problem ?

[Nokia]

I would look in to how a switch works first buddy, it will only send the data packet out the port that has the same MAC address as what is in the desintation MAC address field of the packets header. So what you need to do is either trick the host in to sending the data to your [spoofed] MAC address or find a way to place the receiving host in to a denial of service state then spoof your MAC to be the same as his........good luck!

Key are some good keywords to get you started with google:

TCP Hijacking
MAC spoofing
switch works
ARP poisoning

Maybe check this out too:

http://www.antionline.com/showthread...hreadid=274435

[Barov4e]

I did it. I got this result with spoofed IP and MAC and I use the pre-poison option to be a bridge between the other 2 pcs and the switch

[Barov4e]

I see now (with arp -a) that the IP that I use to spoof with cain has an invalid MAC which is 00:00:00 ...and it must be 11:22:33 ...

[sar]

sorry guyz, wz away
so i did try pre-poison, doesn't work, i did it between 3 pcs in my lab (connected to the main network though to the gateway), (puttin one as ftp server, one with Cain doing the poisionin and 3rd being the victim tryin to communicate to the ftp) doesn't work, the arp entries are being poisoned successfully, but no packets get to the Sniffer, the requests jus time out.

[qwertyman66]

Do you have your network card in Promiscuous mode? If it isn't then it will drop all packets not aimed at your IP address. If you seem to have it in Promiscuous mode, does your Network Card support it? I believe (but don't quote me on this) that some cards don't support promiscuous mode.