Re: Arp spoofing & dsniff

From: kumar mahadevan (kumar_mahadevan_6at_private)
Date: Mon May 06 2002 - 08:37:03 PDT

Next message: Sumit Dhar: "Re: Arp spoofing & dsniff"

Previous message: Daniel Polombo: "Re: Arp spoofing & dsniff"
In reply to: Daniel Polombo: "Re: Arp spoofing & dsniff"
Next in thread: Ryan Russell: "Re: Arp spoofing & dsniff"
Next in thread: Sumit Dhar: "Re: Arp spoofing & dsniff"
Reply: Ryan Russell: "Re: Arp spoofing & dsniff"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

on that same note since the discussion is about MAC
spoofing.

I have a basic question and need some help in this
regard;

If I am on a Switched network and I change my MAC
address on my RH 7 box to the victim's (using
IFCONFIG). Now, how do I capture say for e.g Telnet
sessions between the victim and a server running
telnet service.

I don't want to ARP cache poison  nor MAC flood the
switch.

of course TCPDUMP host victim's IP address only gives
me NBT queries sent. I'd like to see layer 7
traffic

thanks !

kumar.


--- Daniel Polombo <polombo@cartel-securite.fr> wrote:
> Vs Metal wrote:
> 
> > - arpspoof : as soon as i lauch arpspoof, the
> network is 
> > almost out of service. I mean i can still ping pcs
> between 
> > eachother, but the telnet sessions won't open. ( I
> ENABLED 
> > THE IPFORWARDING OPTION ON MY LINUX COMPUTER, and
> it works 
> > as the pings go through it ).
> 
> There are many ways of using arpspoof. If, for
> instance, you're trying 
> to convince everyone on your network that you are
> their default gateway, 
> depending on the size of your network, you might not
> be able to actually 
> process all the traffic they're sending your way.
> 
> An effective way of using arpspoof (I don't doubt
> there are many other 
> approaches) would be to target a single box on your
> LAN (victim), and 
> convince the gateway (router) that you (attacker)
> are the victim. 
> Similarly, you can convince the victim that you are
> the router, creating 
> a perfect man-in-the-middle scenario. In this case,
> you only have one 
> box's traffic to handle, instead of your whole LAN.
> 
> Hope this helps,
> 
>    Daniel
> 
> 
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA
> service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
> 
> 
> 


______________________________________________________________________ 
Games, Movies, Music & Sports! http://entertainment.yahoo.ca

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Sumit Dhar: "Re: Arp spoofing & dsniff"
Previous message: Daniel Polombo: "Re: Arp spoofing & dsniff"
In reply to: Daniel Polombo: "Re: Arp spoofing & dsniff"
Next in thread: Ryan Russell: "Re: Arp spoofing & dsniff"
Next in thread: Sumit Dhar: "Re: Arp spoofing & dsniff"
Reply: Ryan Russell: "Re: Arp spoofing & dsniff"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 06 2002 - 11:23:50 PDT