Results 1 to 4 of 4

Thread: arp poisoning question

  1. #1
    Member
    Join Date
    Oct 2002
    Posts
    52

    arp poisoning question

    Question about arp poisoning. I got it to work on my notebook and my pc using cain. So i tried entering manually the mac address of my router on my notebook, then poison it. Well it works, but in cain it says half-routing, instead of full-routing. What is half-routing? Another thing, on my notebook, it still shows the manual mac address entered and not the other one, why does it still work? I'm running XP, and Ubuntu on the notebook.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    A status of "Full-routing" means that the attack is fully functional and you truly are the Man In the Middle, while a status of "Half-routing" implies that you're only a Man In the Middle for traffic flowing in one direction, not both directions.

    Did you use a static entry in the arp table? Eventually the entry will expire if you did not use a static entry.

    --TH13

    PS
    Based on your post, you don't understand networking and stand to do quite a bit of damage if not to your own, to someone elses network. I wouldn't play with cain unless you fully understand what you're doing.
    Last edited by thehorse13; December 4th, 2006 at 11:07 AM.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Member
    Join Date
    Oct 2002
    Posts
    52
    Yeah, i put in a static entry in my arp table, so the attack shouldn't work, right? But it still does, why? Well i get half-routing

    Ok, I think i know why. It cant change the static arp entry at the computer, but it will change the one at the router end, so everything coming in is sent to the pc acting as the router, then to my end notebook. Right?

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    It works because you've made the static arp entry.

    The issue is that you're not routing traffic you're capturing, thus, you're getting the half-routing message. Again, I would stop and understand what you're doing before you really break something.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •