ARP reply packet does not update ARP cache on Ubuntu

坚强是说给别人听的谎言 提交于 2019-12-23 04:57:09

问题


So after I have played with the Network Spoofer developed by Digitalsquid (http://digitalsquid.co.uk/netspoof/), I have been trying to get a better understanding of its internal working by writing a c program that does something similar.

My program currently takes in 4 parameters - source ip, source mac, victim ip, and victim mac - and send an ARP reply packet with them. When testing the program on my home network, I would do something like setting the source ip to be the router's ip, source mac to be something bogus, victim ip to be my laptop's ip, and victim mac to be my laptop's wireless card mac.

The problem is, although I can see the packet being sent/received from monitoring the wireless card using tcpdump (ie. I would see something like "01:43:23.656745 ARP, Ethernet (len 6), IPv4 (len 4), Reply rouer-ip is-at bogus-mac-address, length 28", which is just what I expected), the ARP cache entry for the router stays the same (ie. still has the correct mac address).

I am not quite sure what the problem here is, and why I couldn't poison my ARP cache. I read somewhere that it could be my OS, Ubuntu 12.04, dropping the unsolicited ARP packets, so I tried to set /proc/sys/net/ipv4/conf/wlan0/arp_accept to 1 - no luck. I also tried to turn IP forwarding on (setting /proc/sys/net/ipv4/ip_forward to 1) as suggested by another article, and still had no luck.

I would really appreciate if somebody can give me some pointers/hints as to what the problem might be. Also, please correct me if I had a mistake in my understanding - I am quite new in the realm of c programming and ARP spoofing.

Thanks!

JY


回答1:


Its good to take these arguments(source ip,source mac,target ip and target mac),but you are not giving correct values to it.

suppose A=the victim

and B=Gateway/Router/Switch in your network

ARP spoofing is actually convincing both A and B

You need to be more active in sending ARP request/reply to both A and B by giving your MAC address to be desired node.

So that whatever A/B sends will come to you first. IP and MAC address fields are basically updated in CAT(content Addressable Memory) table of switch which keeps on updating time to time.

So when you are sending ARP Reuest to A(i.e Router/Gateway/Switch):-

 Source IP=Victim's IP i.e A
 Source MAc=your MAC(hackers MAC) so that data may come to your system
 Destination IP=Rouer's IP
 Detination MAC will be blank in case of ARP request


来源:https://stackoverflow.com/questions/11896236/arp-reply-packet-does-not-update-arp-cache-on-ubuntu

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!