Question
So after I have played with the Network Spoofer developed by Digitalsquid (http://digitalsquid.co.uk/netspoof/), I have been trying to get a better understanding of its internal workings by writing a C program that does something similar.
My program currently takes in 4 parameters - source ip, source mac, victim ip, and victim mac - and sends an ARP reply packet with them. When testing the program on my home network, I would do something like setting the source ip to be the router's ip, source mac to be something bogus, victim ip to be my laptop's ip, and victim mac to be my laptop's wireless card mac.
The problem is, although I can see the packet being sent/received from monitoring the wireless card using tcpdump (i.e. I would see something like "01:43:23.656745 ARP, Ethernet (len 6), IPv4 (len 4), Reply rouer-ip is-at bogus-mac-address, length 28", which is just what I expected), the ARP cache entry for the router stays the same (i.e. still has the correct mac address).
I am not quite sure what the problem here is, and why I couldn't poison my ARP cache. I read somewhere that it could be my OS, Ubuntu 12.04, dropping the unsolicited ARP packets, so I tried to set /proc/sys/net/ipv4/conf/wlan0/arp_accept to 1 - no luck. I also tried to turn IP forwarding on (setting /proc/sys/net/ipv4/ip_forward to 1) as suggested by another article, and still had no luck.
I would really appreciate it if somebody could give me some pointers/hints as to what the problem might be. Also, please correct me if I have made a mistake in my understanding - I am quite new to the realm of C programming and ARP spoofing.
Thanks!
JY
Answer 1:
It's good to take these arguments (source IP, source MAC, target IP and target MAC), but you are not giving correct values to them.
Suppose A = the victim
and B = Gateway/Router/Switch in your network.
ARP spoofing is actually convincing both A and B.
You need to be more active in sending ARP requests/replies to both A and B by giving your MAC address to be the desired node.
So that whatever A/B sends will come to you first. IP and MAC address fields are basically updated in the CAT (Content Addressable Memory) table of the switch, which keeps on updating from time to time.
So when you are sending an ARP request to A (i.e. Router/Gateway/Switch):
Source IP = Victim's IP, i.e. A
Source MAC = your MAC (hacker's MAC) so that data may come to your system
Destination IP = Router's IP
Destination MAC will be blank in case of an ARP request
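
A defender-side check for the situation discussed in this thread, as an added example that is not part of the original question or answer: it parses the 28-byte Ethernet/IPv4 ARP payload that tcpdump reports and flags a sender IP that is suddenly claimed by a different MAC than the one first seen. The function and type names, the first-claim-wins policy and the sample packets are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_LEN 28        /* Ethernet/IPv4 ARP payload, the "length 28" tcpdump prints */
#define MAX_BINDINGS 64

enum arp_verdict { ARP_MALFORMED = -1, ARP_NEW, ARP_SAME, ARP_CONFLICT, ARP_PROBE };

struct binding { uint8_t ip[4]; uint8_t mac[6]; };
static struct binding table[MAX_BINDINGS];
static int n_bindings;

/* Check one ARP payload (bytes after the 14-byte Ethernet header) against the
 * sender IP -> sender MAC bindings seen so far. First claim wins (assumption). */
enum arp_verdict arp_check(const uint8_t *p, size_t len)
{
    static const uint8_t zero_ip[4] = {0, 0, 0, 0};
    if (len < ARP_LEN) return ARP_MALFORMED;
    /* htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4 */
    if (p[0] != 0 || p[1] != 1 || p[2] != 0x08 || p[3] != 0 || p[4] != 6 || p[5] != 4)
        return ARP_MALFORMED;
    /* opcode: 1 = request, 2 = reply */
    if (p[6] != 0 || (p[7] != 1 && p[7] != 2)) return ARP_MALFORMED;
    const uint8_t *sha = p + 8, *spa = p + 14;     /* sender MAC, sender IP */
    if (memcmp(spa, zero_ip, 4) == 0) return ARP_PROBE;  /* address probe, no claim */
    for (int i = 0; i < n_bindings; i++)
        if (memcmp(table[i].ip, spa, 4) == 0)
            return memcmp(table[i].mac, sha, 6) == 0 ? ARP_SAME : ARP_CONFLICT;
    if (n_bindings < MAX_BINDINGS) {               /* remember the first claim */
        memcpy(table[n_bindings].ip, spa, 4);
        memcpy(table[n_bindings].mac, sha, 6);
        n_bindings++;
    }
    return ARP_NEW;
}

/* Constructed sample replies (documentation IPs, locally administered MACs). */
static const uint8_t reply_genuine[ARP_LEN] = { 0,1, 8,0, 6,4, 0,2,
    2,0,0,0,0,0x01, 192,0,2,1,  2,0,0,0,0,0x50, 192,0,2,50 };
static const uint8_t reply_conflict[ARP_LEN] = { 0,1, 8,0, 6,4, 0,2,
    2,0,0,0,0,0x99, 192,0,2,1,  2,0,0,0,0,0x50, 192,0,2,50 };

int main(void)
{
    printf("genuine:  %d\n", arp_check(reply_genuine, sizeof reply_genuine));
    printf("repeat:   %d\n", arp_check(reply_genuine, sizeof reply_genuine));
    printf("conflict: %d\n", arp_check(reply_conflict, sizeof reply_conflict));
    return 0;
}
```

A monitor built on this would feed `arp_check` the payload of every ARP frame captured on the interface and alert on `ARP_CONFLICT`.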
Source: https://stackoverflow.com/questions/11896236/arp-reply-packet-does-not-update-arp-cache-on-ubuntu