Jump to content

Problems With Arp Spoofing @ Backtrack 5 Vm


Flex
 Share

Recommended Posts

Hello,

I'm running Backtrack 5 on in an VM (VMware Workstation) and I am getting troubles when I try to do a arpspoof on our LAN Network (not an other VM).

I used the tutorial of Hak5:

Doing this I'm getting this error:

arpspoof: couldn't arp for host 192.168.123.254[/CODE]

The LAN Computer's Network Address is: 192.168.123.102

Im doing to following things for ARP Spoofing:

[CODE]
cat /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward

screen
arpspoof -t 192.168.42.254 192.168.123.102
CTRL+a S (Split)
CTRL+a TAB (Jumping to next display region)
CTRL+a C (Create the session in region)
arpspoof -t 192.168.42.102 192.168.123.254
[/CODE]

The first one giving me an result, but the second one (arpspoof -t 192.168.123.102 192.168.42.254) gives the error I gave above.

My ifconfig looks like this:

[CODE]eth1 Link encap:Ethernet HWaddr 00:0c:29:27:8d:30
inet addr:192.168.42.135 Bcast:192.168.42.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe27:8d30/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1446 errors:0 dropped:0 overruns:0 frame:0
TX packets:2823 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:89969 (89.9 KB) TX bytes:148952 (148.9 KB)
Interrupt:19 Base address:0x2024
[/CODE]

Instead of 192.168.42.254 I also tried using 192.168.123.254 (which is the one on the PC running the VM) which is also not working.

If anyone could help me, I would really apriciate that :)

If any more information is needed, tell me :)

Regards,

Melvin Koopmans

Edited by Flex
Link to comment
Share on other sites

You can't arp spoof on different subnets as far as I know because they don't flow through the same gateway, which is an impotant step in the arp spoof.

VM's have their own virtual gateway, so you can only ARP spoof other VM's unless you disabled the wired NIC in the VM and use a USB wireless or wired adapter to get an address directly from the same router/gateway as the LAN machines. You can try bridged mode in the VM but I think it still flows traffic through a virtual gateway.

192.168.123.0/24 and 192.168.42.0/24 are two completely different networks. Not that they cant speak to each other, but on entirely different subnets, and as such, the spoof needs to be on the same subnet.

Link to comment
Share on other sites

Hello,

Thanks for your comment.

I am using Ethernet, and Darren was using a laptop (if im right): so with wireless internet means it would have worked for him ;)

So not possible with Ethernet I guess.

I'm going to try it with my Mac OS X laptop which also has an Backtrack 5 VM, with wireless internet ;)

Thanks

I think you fail to understand the fundamentals of networking in general. Has nothing to do with wired or wireless. You cna ARP Spoof on both wired and wireless. Has to do with subnets and the fact that they are on two different network segments and ARP is a layer 2 protocol. The reason the VM can reach the internet is because the VM has its own virtual gateway that it forwards communications through the host machine via IP routing(layer 3). ARP works at layer 2, which means they have to be on the same physical network segment because of the MAC addresses don't cross layer 3. The router indexes IP to MAC addresses in its arp table based on locally connected devices. So this is why I said use an external adapter tied to the VM, so you can get an IP address on the same subnet as the physical LAN from the same router used on the physical LAN.

Edited by digip
Link to comment
Share on other sites

Hehe :D

Sorry I didn't readed "wired" too :D, thought you only said wireless.

My fault ^^

I changed it to "Bridged" now which made the VM connect directly to the physical network :)

Thanks, you helped me alot with fixing it :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...