Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: cain arp poisoning

  1. #1
    Banned
    Join Date
    Jul 2006
    Posts
    12

    cain arp poisoning

    when i do the arp poisoning (sniffing) using cain ... how will it affect my network (in what way ... how will it be noticible ... what effects will it have)

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Typically if you read the docs that come with the tool, this sort of thing is explained. Also, if you don't understand what the effects will be, it's better not to play on a network you don't own.

    Have a look here:
    http://en.wikipedia.org/wiki/ARP_poisoning

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Junior Member
    Join Date
    Jul 2006
    Posts
    5
    Sounds like some good advice to me, but I can guarantee that the arp poisoning will be noticed if you have anyone who is monitoring an IDS that uses amomoly detection. On top of that you will be definitely stirring up some more traffic 'especially suspicious traffic'. If your not sure on this and you don't own the network, better to not start playing. Practice on your own home lab.

  4. #4
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    in C47's defense... he did say 'my network' but that could mean any number of things... I have found however, that if you try to poison too many hosts on the network, it can result in a denial of service [DOS]... but like the previous posts stated, experiment on your home network... in any other setting, this could be considered extremely unethical and possibly illegal.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  5. #5
    Banned
    Join Date
    Jul 2006
    Posts
    12
    thx everyone...so basically its a dos in progress (that can stop the network altogether) ....

    the reason i asked this was that with cain, i find multiple adapters and i cant seem to find my own adpter for the network....i dont want to go ahead and start 'arping' some other companies network.....

    i want to 'sniff' my own network not some one elses......but cain doesnt show my network address

    everyonein my network has the same adpter (D-Link 530TX) but the adresses are different....howz that?

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    i dont want to go ahead and start 'arping' some other companies network.....
    everyonein my network has the same adpter (D-Link 530TX) but the adresses are different....howz that?
    To whom does this network actually belong? if it really IS YOURS, how do you expect to inadvertently access the network of another company?

    If this network does NOT belong to you, as I strongly suspect, DO not mess about on it with things you obviously don't understand.

    If all the devices on a network had the same address, how would the system know where to send things?................sending all packets to everybody would hardly be efficient?............ that really would DoS your network?

  7. #7
    Banned
    Join Date
    Jul 2006
    Posts
    12

    Unhappy

    i feel like a uber n00b now....

    To whom does this network actually belong? if it really IS YOURS, how do you expect to inadvertently access the network of another company?
    sorry i just found out that the scan result in all my active network machines....

    so heres the question
    "APR enables you to hijack IP traffic between the selected host on the left list and all selected hosts on the right list in both directions. If a selected host has routing capabilities WAN traffic will be intercepted also. Please note that since your machine has not the same performance of a router you could cause DoS if you set APR between your Default Gateway and all other hosts on your LAN."

    how fast is a router? why cant my machine be fast enough?

    look plz dont panic....i was under the false impression that the left side was some kinda router and the right side was the list of machines connected to it....(i assumed that from the cain video from irongeeks)

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    No offense, but if you don't understand how each machine has the same model of network adapter, but different ip addresses... you have little understanding about TCP/IP, the OSI model, switching, ARP, hubs/switches, routing, etc.

    I strongly recommend you get a better understanding of basic networking before you play around with tools like cain or ettercap. They are fun to toy around with, but if you don't understand what is going on... it's about worthless. And, as mentioned... you can cause some serious hicups on "your" network. I don't think the other users (not to mention the real admin) would appreciate your will to learn when done without regard for what you're actually doing.

    Any decent networking book will teach you all of the above. Heck... even the Hacking Exposed series will teach you the basics along with give you a better understanding of what you're asking here.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    Banned
    Join Date
    Jul 2006
    Posts
    12

    Unhappy

    i got it now, i ran the arp poisoning for a minute and saw the packets transfer...my system wasnt able to keep up....guess thats about it then...

    I found this good guide from datastronghold about Cain and Abel

    http://www.datastronghold.com/content/view/136/29

    i had the whole idea wrong..perhaps becoz i didnt read the cain messages properly and didnt watch the video with the sound on...lol

  10. #10
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Ok well..what does the ARP poisioning mean? I knew that the DNS cache poisioning was changing the DNS chache of the remote computers' DNS server to make to redirect the browser to some other site when the victim types the address of his choice!

    So does the ARP poisioning do somehing similar like make the machines believe that they are sending the data to the legitimate host whice it is being trasmitted to the "Hacker's" machine?
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •