Arp spoofing under Fedora

Environment: The host ip address is 192.168.1.103 and the host ip address is 192.168.1.100. The Gateway ip address is 192.168.1.1Arp spoofing. in the exchange environment, the host is notified that the MAC address of the host is the gateway MAC address, send the packets sent to me by the spoofed host to the gateway, and then use the local machine to notify the gateway.

Environment:

The local ip address is 192.168.1.103.

The spoofed host ip address is 192.168.1.100.

The gateway is 192.168.1.1.

Arp spoofing: in the exchange environment, the local machine tells the spoofed host that the MAC of the local machine is the gateway MAC, so that the spoofed host will send packets to the gateway to me.

The local Gateway is used to tell the gateway that the MAC of the local host is the MAC of the host to be cheated, so that the packets originally sent by the local host are identified by the Gateway as sent by the host to be cheated.

In this way, the local machine becomes a man-in-the-middle between the host and the gateway, and its data packets are transmitted through the local machine. Therefore, the local machine can capture all data packets for eavesdropping, analysis, and even modification.

The implementation principle is that the local machine continuously sends arp packets to the Gateway and the spoofed host at a faster speed than the real arp packet sending speed, so that the cached arp tables of the two are spoofed.

Specific operation: first enable the forwarding function

Echo 1>/proc/sys/net/ipv4/ip_forward)

Spoofing 192.168.1.100 is a gateway

Arpspoof-I eth0-t 192.168.1.100 192.168.1.1

The local spoofing gateway is 192.168.1.100.

Arpspoof-I eth0-t 192.168.1.1 192.168.1.100

If you do this in a terminal, we recommend that you add the following parameters:>/dev/null 2> & 1 &

Silent execution of the entire spoofing process without outputting a large number of results.

After successful spoofing, you can use wireshark and other software for data packet analysis. When wireshark is used, you can use ip. addr = 192.168.1.100 to filter data packets.