Re: Arp spoofing & dsniff

From: kumar mahadevan (kumar_mahadevan_6@yahoo.ca)
Date: Mon May 06 2002 - 11:37:03 EDT

• Next message: Sumit Dhar: "Re: Arp spoofing & dsniff"
• Previous message: Daniel Polombo: "Re: Arp spoofing & dsniff"
• In reply to: Daniel Polombo: "Re: Arp spoofing & dsniff"
• Next in thread: Ryan Russell: "Re: Arp spoofing & dsniff"
• Reply: Ryan Russell: "Re: Arp spoofing & dsniff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

on that same note since the discussion is about MAC
spoofing.

I have a basic question and need some help in this
regard;

If I am on a Switched network and I change my MAC
address on my RH 7 box to the victim's (using
IFCONFIG). Now, how do I capture say for e.g Telnet
sessions between the victim and a server running
telnet service.

I don't want to ARP cache poison nor MAC flood the
switch.

of course TCPDUMP host victim's IP address only gives
me NBT queries sent. I'd like to see layer 7
traffic

thanks !

kumar.

--- Daniel Polombo <polombo@cartel-securite.fr> wrote:
> Vs Metal wrote:
>
> > - arpspoof : as soon as i lauch arpspoof, the
> network is
> > almost out of service. I mean i can still ping pcs
> between
> > eachother, but the telnet sessions won't open. ( I
> ENABLED
> > THE IPFORWARDING OPTION ON MY LINUX COMPUTER, and
> it works
> > as the pings go through it ).
>
> There are many ways of using arpspoof. If, for
> instance, you're trying
> to convince everyone on your network that you are
> their default gateway,
> depending on the size of your network, you might not
> be able to actually
> process all the traffic they're sending your way.
>
> An effective way of using arpspoof (I don't doubt
> there are many other
> approaches) would be to target a single box on your
> LAN (victim), and
> convince the gateway (router) that you (attacker)
> are the victim.
> Similarly, you can convince the victim that you are
> the router, creating
> a perfect man-in-the-middle scenario. In this case,
> you only have one
> box's traffic to handle, instead of your whole LAN.
>
> Hope this helps,
>
> Daniel
>
>
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA
> service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>
>

______________________________________________________________________
Games, Movies, Music & Sports! http://entertainment.yahoo.ca

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Sumit Dhar: "Re: Arp spoofing & dsniff"
• Previous message: Daniel Polombo: "Re: Arp spoofing & dsniff"
• In reply to: Daniel Polombo: "Re: Arp spoofing & dsniff"
• Next in thread: Ryan Russell: "Re: Arp spoofing & dsniff"
• Reply: Ryan Russell: "Re: Arp spoofing & dsniff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT