ARP poisoning

Data that travels over the air and how to protect (or decipher) it

Post by Mortecai4 on Fri May 09, 2008 3:44 pm

I've heard of this network hack called ARP poisoning,
and I was wondering if someone could explain it to me,
and if you can use Cain and Abel for it.
Mortecai4
New User
Posts: 44
Joined: Wed Apr 23, 2008 2:14 pm


Re: ARP poisoning

Post by yourmysin on Sun May 11, 2008 4:33 pm

Alright, before you can truly understand ARP poisoning you must ask yourself "What is ARP?". ARP stands for Address Resolution Protocol. Just as it sounds, ARP is used to resolve an IP address to a MAC address.

ARP is a broadcast protocol, which means it sends a broadcast message to every host in that broadcast domain. This message pretty much says "Who has the IP address 192.168.0.3?". Each host checks its IP address against the IP address in the ARP packet. The host who has the correct IP address will respond with something like "I have that IP address, my MAC address is 00f3:faf0:ab03". Now that the original device knows the destination device's MAC address, they can communicate.

Now, what would happen if we could lie about our IP address? Remember, all hosts in the broadcast domain receive the ARP broadcast. If we lie about our IP address, we will then be able to communicate using our MAC address. Of course, the host will still assume us to be legitimate.

We can take this one step further and perform a MITM attack using ARP poisoning. But that's a bit more advanced.

Anyways, yes, you can use Cain for this. Sas01 wrote a decent article on criticalsecurity demonstrating this.
A+, Network+, MCTS(70-620), Security+, CCNA
yourmysin
Experienced User
Posts: 83
Joined: Mon Apr 21, 2008 9:02 pm
Location: Newport, Maine, USA
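
Added example, not part of the original posts: the who-has/reply exchange described in the post above, seen from the monitoring side, with a passive check that flags ARP replies nobody asked for and IP addresses whose claimed MAC changes. The function names, the `SAMPLE` frames and the `02:00:...` MAC addresses are assumptions constructed for this illustration.

```python
import socket
import struct

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(op, sha, spa, tha, tpa):
    """Build a raw Ethernet + ARP frame; used only to construct sample input."""
    dst = b"\xff" * 6 if op == 1 else mac_bytes(tha)      # requests are broadcast
    eth = dst + mac_bytes(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)      # Ethernet/IPv4, op 1=request 2=reply
    return eth + arp + mac_bytes(sha) + socket.inet_aton(spa) + mac_bytes(tha) + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return op, sender_mac, socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42])

def find_suspicious(frames):
    """Flag replies nobody asked for and IPs whose claimed MAC changes."""
    bindings, pending, alerts = {}, set(), []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sender_mac, sender_ip, target_ip = parsed
        if op == 1:
            pending.add(target_ip)                 # someone asked "who has target_ip?"
        elif sender_ip in pending:
            pending.discard(sender_ip)             # answer to an outstanding question
        else:
            alerts.append((index, "unsolicited-reply", sender_ip))
        if bindings.setdefault(sender_ip, sender_mac) != sender_mac:
            alerts.append((index, "binding-changed", sender_ip))
    return alerts

# Constructed sample traffic (addresses are made up for the example).
SAMPLE = [
    build_arp(1, "02:00:00:00:00:02", "192.168.0.2", "00:00:00:00:00:00", "192.168.0.3"),
    build_arp(2, "02:00:00:00:00:03", "192.168.0.3", "02:00:00:00:00:02", "192.168.0.2"),
    build_arp(2, "02:00:00:00:00:66", "192.168.0.3", "02:00:00:00:00:02", "192.168.0.2"),
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE):
        print(alert)
```

Legitimate gratuitous ARP (for example after a failover or an address change) raises the same alerts, so they are signals to review against known-good IP-to-MAC assignments rather than proof of poisoning.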


Re: ARP poisoning

Post by leonidas_heaven on Mon Sep 15, 2008 1:56 am

Hey, can anybody tell me from where I can see the captured packets using Cain... I mean to say I have captured some packets, about 2241, just for trial... and I need to know where they are stored and how I can see what information is present in them...
Challenges are not meant to be taken easily, rather they are meant to be taken Seriously
leonidas_heaven
Experienced User
Posts: 66
Joined: Sun Jun 01, 2008 5:20 am
Location: Uttarakhand, India


Re: ARP poisoning

Post by leonidas_heaven on Thu Sep 18, 2008 9:30 am

I have found some HTTP requests, some emails, certificates, passwords, etc.
But most of the things look encrypted. Can anyone tell me what they are, or what they represent?

In APR-HTTPS there is information like "closed by server". Can anyone explain this also?

I have got HTTP (258), but only one visible email address and password. All the others look like rubbish, as I already said.
I am using Cain for this.
Challenges are not meant to be taken easily, rather they are meant to be taken Seriously
leonidas_heaven
Experienced User
Posts: 66
Joined: Sun Jun 01, 2008 5:20 am
Location: Uttarakhand, India


Re: ARP poisoning

Post by theChameleon on Sun Oct 26, 2008 2:22 am

leonidas_heaven wrote:
Hey, can anybody tell me from where I can see the captured packets using Cain... I mean to say I have captured some packets, about 2241, just for trial... and I need to know where they are stored and how I can see what information is present in them...

I don't think you can do that using Cain and Abel. If memory serves, I think you can see the really low-level packet stuff if you use Ethereal or some other packet analysers.

Maybe you can write to oxid and ask them to provide this function... shouldn't be a problem since they are so 1337 and stuff.
theChameleon
New User
Posts: 5
Joined: Sat Oct 25, 2008 7:15 am


