Problems with Arpspoof

  1. #1
    Member TheX1le's Avatar
    Join Date
    Sep 2006
    Posts
    73

    Problems with Arpspoof

    First let me state it's 4:30am and I'm working on my 2nd 2-liter of Mt Dew, so if I misspell something or I'm unclear, I'm sorry.
    I'm working with the latest copy of BackTrack and experimenting on my own network. BackTrack is running on a laptop that is connected via ath0 to a WRT54G that is the DHCP/gateway. From that gateway a wire runs to a 10/100/100 Netgear 5-port switch, and my desktop is connected to that, running winder$ xp (no, that's not a spelling mistake).

    I'm trying to ARP spoof the network so I can understand how to MITM HTTPS for a paper I am writing for school on network security.

    My network is based on the 192.168.1.1 255.255.255.0 subnet.

    If I type
    arpspoof -t 192.168.1.106 192.168.1.101
    .106 = Windows box
    .101 = BackTrack
    I get an error
    that says it "couldn't arp for host"
    I did a search and all I found was something saying I was trying to spoof on a different subnet, even though I'm not. If I use Ettercap everything works fine....
    Any ideas? Thank you -TheX1le
    ...."Cant stop the signal Mel, Every thing goes some where and i go every where."...... "From here to the eyes and the ears of the verse, thats my motto or might be if i start having a motto" - Mr. Universe "Serenity"

  2. #2
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    Did you set up ip forwarding?

    echo 1 > /proc/sys/net/ipv4/ip_forward
    I toor'd YOU!

  3. #3
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    Wait, I noticed you said ath0. Is that your wireless interface? And if so, is it in monitor or managed mode?
    I toor'd YOU!

  4. #4
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    Oh, and also try ARP spoofing the entire network and don't specify the target. I would be curious if you get the same results.
    I toor'd YOU!

  5. #5
    Member TheX1le's Avatar
    Join Date
    Sep 2006
    Posts
    73
    Linux Commando, thank you very much for your help.
    ath0 is set to managed mode. I shouldn't have to put it into monitor because I want to connect up to the router, not grab packets.

    I did not set echo 1 > /proc/sys/net/ipv4/ip_forward because I was running fragrouter -B1, and I think that should forward all traffic, does it not?

    I tried setting arpspoof 192.168.1.1 (#gateway address) 192.168.1.255 but got the same result. I will try again this evening.

  6. #6
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    You need to edit the arp.c source. There is a function arp_cache_lookup that won't use the correct interface. So in arp.c you need to change:


    strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev));

    to

    strncpy(ar.arp_dev, "ath0", sizeof(ar.arp_dev));

    From there you just have to recompile the code. Then it will work like a champ. If you have any other questions let me know.

    linuxcomando
    I toor'd YOU!
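
Why a lookup pinned to the wrong interface fails, as an added example that is not part of the original thread and is not dsniff's code: Linux keys ARP cache entries by (IP, device), so a lookup restricted to "eth0" cannot see an entry learned on ath0. The table is constructed in /proc/net/arp format and the function names are hypothetical; the second function is a defender's check on the same table.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/net/arp format (not captured from the thread).
 * The last two rows deliberately share one MAC address. */
static const char SAMPLE_ARP[] =
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        ath0\n"
    "192.168.1.106    0x1         0x2         00:aa:bb:cc:dd:ee     *        ath0\n"
    "192.168.1.150    0x1         0x2         00:aa:bb:cc:dd:ee     *        ath0\n";

struct arp_row { char ip[16], mac[18], dev[16]; unsigned hw, flags; };

/* Parse one table row; returns 1 on success (the header row does not parse). */
static int parse_row(const char *line, struct arp_row *r)
{
    return sscanf(line, "%15s %x %x %17s %*s %15s",
                  r->ip, &r->hw, &r->flags, r->mac, r->dev) == 5;
}

/* Hypothetical helper: find ip among complete entries (flag 0x2) bound to dev.
 * Returns 0 and fills mac, or -1 when that device holds no entry for ip. */
int arp_lookup_on_dev(const char *table, const char *ip, const char *dev, char mac[18])
{
    struct arp_row r;
    for (const char *l = strchr(table, '\n'); l && *++l; l = strchr(l, '\n'))
        if (parse_row(l, &r) && (r.flags & 0x2) &&
            !strcmp(r.ip, ip) && !strcmp(r.dev, dev)) {
            strcpy(mac, r.mac);
            return 0;
        }
    return -1;
}

/* Hypothetical defender's check: how many IPs on dev resolve to this MAC?
 * More than one is worth investigating as possible ARP cache poisoning. */
int ips_sharing_mac(const char *table, const char *dev, const char *mac)
{
    struct arp_row r; int n = 0;
    for (const char *l = strchr(table, '\n'); l && *++l; l = strchr(l, '\n'))
        n += parse_row(l, &r) && (r.flags & 0x2) &&
             !strcmp(r.dev, dev) && !strcmp(r.mac, mac);
    return n;
}

int main(void)
{
    char mac[18];
    int miss = arp_lookup_on_dev(SAMPLE_ARP, "192.168.1.106", "eth0", mac);
    int hit = arp_lookup_on_dev(SAMPLE_ARP, "192.168.1.106", "ath0", mac);
    printf("eth0=%d ath0=%d sharing=%d\n", miss, hit, ips_sharing_mac(SAMPLE_ARP, "ath0", mac));
    return 0;
}
```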

  7. #7
    Member TheX1le's Avatar
    Join Date
    Sep 2006
    Posts
    73
    Are you saying I need to do that even if I use the -i switch, which lets you pick which interface to run on? And also, was I correct in my thinking that fragrouter is forwarding all traffic? Thank you for all your help.

  8. #8
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    Yes, Fragroute should forward all your traffic.

    Also, the -i should work. But there was a problem with a few versions where even doing -i wlan or -i ath0 wouldn't work. In that case you actually need to change the code.

    linuxcommando
    I toor'd YOU!

  9. #9
    Member TheX1le's Avatar
    Join Date
    Sep 2006
    Posts
    73
    OK, so I have spent the last half hour messing with this. I'm running this on a 3-year-old Alienware notebook with a 2.8ht P4 and using a WAG511 Netgear WiFi card. If I run Ettercap with an ARP attack everything works great; I have snarfed all my passwords. I'm running BackTrack and the -V of dsniff is 2.4. Now I went to the author's site and the latest edition is 2.3, but he has a 2.4b1 beta; I think that this is what they are using. I downloaded the beta and made the changes you suggested; however, make throws an error dealing with arpspoof. I contemplated piping it to a file but I didn't think of it till afterwards. I'm thinking that it's a problem with the WiFi. I don't have a NIC on this computer, it's broken, so I'm gonna try to scare up a PCMCIA NIC to test it out. I tried it on a friend's network; his is 192.168.50.1, and it was odd, it just kept displaying the syntax like it didn't like the .50 octet. Any ideas where I'm going wrong? I'm thinking it may be a problem with the program itself. Thanks, LinuxComando
    ...."Cant stop the signal Mel, Every thing goes some where and i go every where."...... "From here to the eyes and the ears of the verse, thats my motto or might be if i start having a motto" - Mr. Universe "Serenity"

  10. #10
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    When you changed arp.c above, did you recompile dsniff like you did the first time?
    I.e.:
    ./configure&&make&&make install
    I toor'd YOU!
