ARP Spoof

IP Tools Snifer (Erwan L)

ARP Spoof

 

  1. Reply / Poison Cache

 

Here you can send forged ARP Replies.

This way you can fool a remote host with the following assertion : MAC SRC belongs to IP SRC.

The remote host will therefore modify his ARP cache accordingly.

 

One possible attack

Network looks like this:

Router is 192.168.1.1, MAC AAAAAA-AAAAAA

You are 192.168.1.2,  MAC BBBBBB-BBBBBB

Victim is 192.168.1.3, MAC CCCCCC-CCCCCC

 

Send the following spoof ARP Reply :  MAC SRC= BBBBBB-BBBBBB, IP SRC=192.168.1.1, MAC DEST= CCCCCC-CCCCCC, IP DEST=192.168.1.3

 

The remote host (192.168.1.3) will then think you (192.168.1.2) are the router since your MAC Addresses is resolved for the IP’s router in the remote host ARP table.

 

  1. Request

 

Here you can send forged / spoofed ARP requests.

Same possible attack as above.

 

Note, to use these functionalities, you must be set to WINPcap mode or NDIS mode for you need to be able to alter layer 2.