Jump to content

Vmware and arpspoofing


bowler
 Share

Recommended Posts

Hi all,

I need an explanation of why I can't get arpspoofing to work. I think it is because of the particular setup but you can tell me.

--=Particulars=--

Host: Ubuntu 9.10 with 1 wireless adapter

Guest #1 (Attacker): Ubuntu 9.04 bridged

Guest #2 (Victim): Ubuntu 9.10 bridged

Vmware Workstation v7

Now when I begin arpsoofing the victim I check its arp table and see that it's cache is being poisoned correctly. I have turned on forwarding on the Attacker.

I have used both ettercap and arpspoof but the results are the same.

The Victim looses internet connectivity.

Usually how I would set up is like this but I am replacing a physical wireless adapter with one on order

--=Particulars=--

Host: Ubuntu 9.10 with 1 wireless adapter

Guest #1 (Attacker): Ubuntu 9.04 (physical wireless adapter)

Guest #2 (Victim): Ubuntu 9.10 bridged

Vmware Workstation v7

Is it because both guest are bridged to the same host that the victim looses connectivity to the net when the arp poisoning begins?

Thanks.

Link to comment
Share on other sites

I beleive a vmware Bridged nic shares the hosts adapter for connections, as where the NAT option gives them their own ip and mac's.

Link to comment
Share on other sites

I beleive a vmware Bridged nic shares the hosts adapter for connections, as where the NAT option gives them their own ip and mac's.

In a bridged set up each vm do have their "own mac addresses sort of.

When I look into the arp table of the host (no spoofing going) the mac address of all vm's are the same as the host. So yes in that you are correct. Each vm though see's each other with distinct mac addresses. It's just that the host sees all vm's with the same mac address. That of it's own, and probably uses some wizardry to route traffic to the various vm's.

I was wondering if it is because of this that the spoofing will not work as expected.

Link to comment
Share on other sites

Probably. I know that whenever I try to ARP spoof a system on my network from a VM, their net and mine drops out as well, because both systems think the router is <my MAC address here>.

I still dont know why my computer responds to 'its own' ARP poisoning.

Link to comment
Share on other sites

Probably. I know that whenever I try to ARP spoof a system on my network from a VM, their net and mine drops out as well, because both systems think the router is <my MAC address here>.

I still dont know why my computer responds to 'its own' ARP poisoning.

My usual setup is to have 2 usb wireless adapters, one for the host machine and guest bridging. The second is usually attached directly to the vm (attacker) so that the vm (attacker) can access it as a usb wireless device. That works for me. But I did not have one at the moment so I was trying this until a new one arrives.

But now that I think of it. I wonder if I add a third adapter to the host (wired) where the host can use the wired for internet. I can use the host wireless adapter as the bridge for the vm's.

I will try that and see what the results are.

Link to comment
Share on other sites

  • 2 weeks later...

I figured out what was causing me so much problems. I had the ubuntu firewall enabled (ufw). Once I disabled this firewall before I begin to do anything, ettercap/arpspoof works as is expected. No more lost internet on the target.

sudo ufw status
sudo ufw disable

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...