Arp spoofing and sniffing are also used in linux.

Original article: chinaitlab.com is a record process. It has been playing cain for a long time in windows and found that it occupies a high cpu. The key is that there is no command line. Today, I also met a linux user who directly obtained the root password. Go to centos's arp spoofing and sniff. (Federacore10 is used for testing on the local virtual machine first ). Dsniff is used.

Source: chinaitlab.com

It's a recording process. I 've been playing cain for a long time in windows and found that he occupiesCpU is high, the key is notCommand.

Today, I also met a linux user who directly obtained the root password. Go to centos's arp spoofing and sniff. (First use f in the local Virtual MachineEdEra core 10 tested ). Protocol keywords, including fDdI, ip, arp, rarp, tcp, udp, etc. Fddi indicates a specific network protocol on FDDI (Distributed Optical Fiber Data Interface Network). In fact, it is the alias of ether. fddi and ether have similar source and destination addresses, therefore, the fddi protocol package can be processed and analyzed as the ether package. The other keywords indicate the Protocol content of the listener package. If no protocol is specified, tcpDuMp listens to the information packages of all protocols.

Dsniff is used. For more information, see the previous article. In addition, I have installed tcpDump.

Let's talk about it here.TcpdumpFilter parameters:

The first type keyword mainly includes host, net, port, for example host 210.27.48.2. It indicates that 210.27.48.2 is a host, and net 202.0.0.0 indicates that 202.0.0.0 is a network address, port 23 indicates that the port number is 23. If no type is specified, the default type is host.

The second type is the key words for determining the transmission direction, including src, dst, dst or src, dst and src, which indicate the transmission direction. For example, src 210.27.48.2 indicates that the source address in the IP package is 210.27.48.2, and dst net 202.0.0.0 indicates that the destination network address is 202.0.0.0. If no direction keyword is specified, the src or dst keyword is used by default.

The third type is

In addition to the three types of keywords, other important keywords are as follows: gateway, broadcast,Less, Greater, there are three logical operations. The non-operation is 'not ''! ', And the operation is 'and',' & '; or the operation is 'or',' │ '; these keywords can be combined to form a powerful combination condition to meet people's needs, the following are examples.

For example:

# Tcpdump host 210.27.48.1

# Tcpdump host 210.27.48.1 or 210.27.48.2

# Tcpdump tcp port 23 host 210.27.48.1

See: http://www.thismail.org/BbsThread-2787-1-1.html

Note: If you want to dump the package for other software analysis, the tcpdump package length limit must be removed by default by 90 bytes.

The-s 0 parameter is added.

Dsniff usage:

Http://www.godupgod.com/post/102.html

Arpspoof [-I interface] [-t target ip] host

The ip address of the target and host can be used as needed in my test, but only one direction is determined.

For example, if the host writes the gateway and the target writes the ip address to be spoofed, all the packets sent by the gateway to the outside are used.

In turn, if the target is the gateway, It is the package that comes in outside.

If you want to implement bidirectional routing, you need to run two arp commands and replace the ip addresses of the target and the host.

Please.

In addition, we also found a problem. In addition to multiple ip Address Spoofing, We need to enable multiple arpspoof,

That is, he cannot forge a mac, so that he can easily expose himself.

========== Based on the above reasons, we recommend that you use ettercap