ARP Poisoning with Ettercap Demonstration
This demo is a follow-on to the ARP Poisoning Presentation. It uses the program ettercap to achieve an ARP poisoning attack.
To start with, here’s a written description of the process.
- Start Wireshark on the attacker.
- Open the telnet session on one of the victims. Nothing of that telnet session should be visible.
- In order to do a Man in the Middle (MitM) attack, first set up IP forwarding with
  sysctl -w net.ipv4.ip_forward=1
- Edit /etc/etter.conf to uncomment the lines allowing iptables to forward.
- Start up ettercap:
  ettercap -G
  (the -G gives a GUI)
- Start sniffing (unified)
- Scan for hosts
- Add targets
- Start MitM -> ARP Poisoning
- Start Sniffing
- Now go back to the victim and start another telnet session
- On the attacker, Wireshark should now see everything
- Don’t forget to explicitly stop the MitM so that ettercap can re-ARP the network