[Arp Posioning In Switched Lan Where Hosts R Using Proxy For Internet]

Hi Everyone,

I want to clear my doubts on arp-posioning. Following is the situation described where I tried to perform this attack :-

Every Host in the LAN segment uses proxy for accessing internet .

Attacker : IP = 10.101.25.100 [running linux mint with all required tools installed]

Victim : Virtual m/c running linux mint using proxy to access internet (using bridged mode in virtual box) IP = 10.101.25.200 / can be any other host in the LAN

Switch (Gateway) : IP = 10.101.25.2 [Cisco IOS 12.x ]

ON ATTACKER M/c:

* edited /etc/etter.conf [

ec_uid = 0

ec_gid = 0

port_steal_send_delay = 1 # microseconds

remote_browser = "firefox -remote openurl(http://%host%url)"

# if you use iptables:

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

] (read from http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_603839.html)

* started ettercap successfully

# selected promisc mode then unified sniffing

# selected GATEWAY (10.101.25.2) as TARGET1

# selected VICTIME (10.101.25.200) as TARGET2

# started sniffing

# selected arp-posioning from the mitm menu

# enabled plugins repoison_arp and remote_browser

# opened connections tab from view menu

ON VICTIM m/c :

Before ARP poisoning :

ALL fine internet web browsing was working smoothly remember it is using proxy for accessing internet

After ARP Poisoning :

arp table successfully changed

10.101.25.2 <ATTACKER's MAC ADDR>

But no web page is loading now ....whether google.com facebook.com

Q: IS IT EVER POSSIBLE TO DO ARP-POISONING CORRECTLY IN THIS KIND OF SITUATUION ?

ANY ADVICES/SUGGESTION ARE APPRECIATED !

THANK YOU