Problems With Arp Spoofing @ Backtrack 5 Vm

[Flex]

Hello,

I'm running Backtrack 5 on in an VM (VMware Workstation) and I am getting troubles when I try to do a arpspoof on our LAN Network (not an other VM).

I used the tutorial of Hak5:

Doing this I'm getting this error:

arpspoof: couldn't arp for host 192.168.123.254[/CODE]

The LAN Computer's Network Address is: 192.168.123.102

Im doing to following things for ARP Spoofing:

[CODE]
cat /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward

screen
arpspoof -t 192.168.42.254 192.168.123.102
CTRL+a S (Split)
CTRL+a TAB (Jumping to next display region)
CTRL+a C (Create the session in region)
arpspoof -t 192.168.42.102 192.168.123.254
[/CODE]

The first one giving me an result, but the second one (arpspoof -t 192.168.123.102 192.168.42.254) gives the error I gave above.

My ifconfig looks like this:

[CODE]eth1 Link encap:Ethernet HWaddr 00:0c:29:27:8d:30
inet addr:192.168.42.135 Bcast:192.168.42.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe27:8d30/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1446 errors:0 dropped:0 overruns:0 frame:0
TX packets:2823 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:89969 (89.9 KB) TX bytes:148952 (148.9 KB)
Interrupt:19 Base address:0x2024
[/CODE]

Instead of 192.168.42.254 I also tried using 192.168.123.254 (which is the one on the PC running the VM) which is also not working.

If anyone could help me, I would really apriciate that :)

If any more information is needed, tell me :)

Regards,

Melvin Koopmans

Edited May 20, 2011 by Flex

[digip]

You can't arp spoof on different subnets as far as I know because they don't flow through the same gateway, which is an impotant step in the arp spoof.

VM's have their own virtual gateway, so you can only ARP spoof other VM's unless you disabled the wired NIC in the VM and use a USB wireless or wired adapter to get an address directly from the same router/gateway as the LAN machines. You can try bridged mode in the VM but I think it still flows traffic through a virtual gateway.

192.168.123.0/24 and 192.168.42.0/24 are two completely different networks. Not that they cant speak to each other, but on entirely different subnets, and as such, the spoof needs to be on the same subnet.

[Flex]

Hello,

Ive set my settings of the network adapter to "Bridged", which made it work ;)

Edited May 20, 2011 by Flex

[digip]

Hello,

Thanks for your comment.

I am using Ethernet, and Darren was using a laptop (if im right): so with wireless internet means it would have worked for him ;)

So not possible with Ethernet I guess.

I'm going to try it with my Mac OS X laptop which also has an Backtrack 5 VM, with wireless internet ;)

Thanks

I think you fail to understand the fundamentals of networking in general. Has nothing to do with wired or wireless. You cna ARP Spoof on both wired and wireless. Has to do with subnets and the fact that they are on two different network segments and ARP is a layer 2 protocol. The reason the VM can reach the internet is because the VM has its own virtual gateway that it forwards communications through the host machine via IP routing(layer 3). ARP works at layer 2, which means they have to be on the same physical network segment because of the MAC addresses don't cross layer 3. The router indexes IP to MAC addresses in its arp table based on locally connected devices. So this is why I said use an external adapter tied to the VM, so you can get an IP address on the same subnet as the physical LAN from the same router used on the physical LAN.

Edited May 20, 2011 by digip

[Flex]

Hehe :D

Sorry I didn't readed "wired" too :D, thought you only said wireless.

My fault ^^

I changed it to "Bridged" now which made the VM connect directly to the physical network :)

Thanks, you helped me alot with fixing it :)