ARP spoofing (also known as ARP poisoning) is a technique whereby an attacker sends fake “spoofed” Address Resolution Protocol (ARP) packets onto a Local Area Network (LAN). The purpose of this attack is to associate the attacker’s MAC address with the IP address of another host (such as a default gateway), causing any traffic that is meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether. Often the attack is used as an opening for other attacks such as denial of service, man in the middle or session hijacking attacks.

The attack can only be used on networks that make use of the Address Resolution Protocol (ARP) and is limited to local network segments.

This Example

I will be using Kali Linux version 1.0 as the attacker.

Forward Linux Traffic

If this is used as a denial of service attack, you won’t need to enable forwarding: all traffic will reach the Linux box and terminate there, so the affected services stop working.

If this is used as a man in the middle attack, you will need to forward all traffic to the defined gateway.

Temporarily Forward Traffic

Permanently Forward Traffic

ARP Spoofing

You should have two ARP attacks running, one against the target computer and one against the gateway for returning traffic.

Hold down Ctrl and press “C” to stop the attacks. Two ARP packets will be sent after termination to set the ARP table on the computer or router back to how it should be.
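Seen from a monitoring host, the two poisoning streams described above leave a clear pattern: one MAC address suddenly answers for both the gateway's and the target's IP. The sketch below is an added example, not part of the original post; it parses raw ARP payloads and flags that pattern, and all addresses and the sample packets are constructed for illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)

def build_arp(op, s_mac, s_ip, t_mac, t_ip):
    """Pack a constructed Ethernet/IPv4 ARP payload (sample data only, nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(s_mac), ip(s_ip), mac(t_mac), ip(t_ip))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha.hex(":"), ".".join(str(b) for b in spa)

def detect(payloads):
    """Flag IPs whose claimed MAC differs from the first one seen, and MACs claiming several IPs."""
    baseline, claims, alerts, seen = {}, {}, [], set()
    for p in payloads:
        parsed = parse_arp(p)
        if parsed is None:
            continue
        _, mac, ip = parsed
        claims.setdefault(mac, set()).add(ip)
        first = baseline.setdefault(ip, mac)  # first-seen binding is the baseline
        if first != mac and (ip, mac) not in seen:
            seen.add((ip, mac))
            alerts.append(("binding-conflict", ip, first, mac))
    # Routers and proxy-ARP hosts can trip this legitimately; treat it as a lead to review.
    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append(("multi-ip", mac, sorted(ips)))
    return alerts

GW, VICTIM, ROGUE = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:50", "de:ad:be:ef:00:66"
SAMPLE = [  # constructed capture: three honest replies, then the two spoofed streams
    build_arp(2, GW, "192.168.1.1", VICTIM, "192.168.1.50"),
    build_arp(2, VICTIM, "192.168.1.50", GW, "192.168.1.1"),
    build_arp(2, ROGUE, "192.168.1.66", GW, "192.168.1.1"),
    build_arp(2, ROGUE, "192.168.1.1", VICTIM, "192.168.1.50"),  # "gateway is at ROGUE"
    build_arp(2, ROGUE, "192.168.1.50", GW, "192.168.1.1"),      # "target is at ROGUE"
    build_arp(2, ROGUE, "192.168.1.1", VICTIM, "192.168.1.50"),  # repeat, alerted once
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The baseline here is simply the first binding observed, so it is only trustworthy if monitoring starts before any poisoning does.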

Warning

Only use this on devices you either own or have authorisation to test.

Man in the Middle

  • You can use tools such as Wireshark to capture and analyse packets.
  • SSL traffic needs to be stripped before viewing; you can use the following tool: SSLStrip.
