In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Address resolution protocol
ARP (Addre***esolution Protocol) is a TCP/IP protocol that obtains physical addresses based on IP addresses. When sending information, the host broadcasts the ARP request containing the destination IP address to all hosts on the network and receives a return message to determine the physical address of the destination
ARP deception
* users can send pseudo ARP reply messages to a host, so that the information it sends cannot reach the expected host or the wrong host, which constitutes an ARP spoofing.
1. Fake ARP reply packet (unicast)
XXX,Ihave IP YYY and my MAC is ZZZ!
2. Fake ARPreply packet (broadcast)
Helloeveryone! I have IP YYY and my MAC is ZZZ!
Spread fake IP/MAC to everyone
3. Fake ARPrequest (broadcast)
I have IP XXX and my MAC is YYY.
Who hasIP ZZZ? Tell me please!
MAC that looks for IP ZZZ is actually broadcasting fake IP and MAC mappings (XXX,YYY).
4. Fake ARPrequest (unicast)
Known MAC of IP ZZZ
Hello IPZZZ! I have IP XXX and my MAC is YYY.
5. Impersonate a middleman
Enabling packet forwarding on spoofed hosts (MAC is MMM)
Send a fake ARPReply to the host AAA:
AAA,Ihave IP BBB and my MAC is MMM
Send a fake ARPReply to the host BBB:
BBB,Ihave IP AAA and my MAC is MMM
Because of the aging mechanism of ARP Cache, it is sometimes necessary to do periodic continuous deception.
The verification of arp spoofing is completed by running on the virtual machine.
Open the virtual machine and assign an IP address to the virtual machine so that the virtual machine can connect to the Internet.
Commands on the virtual machine command interface
1. Ifconfig (check whether it is matched with ip)
2. Ping172.28.15.55
3. Arpspoof-i ech0-t 172.28.15.55 172.28.15.254
/ * echo 1 > / proc/sys/net/ipv4/ip_forward
Echo 1 percent /
4. Cd / proc/sys/net/ipv4 (in the file)
Cat ip
Cat ip_forward
5. Arpspoof-i eth0-t 172.28.15.254 172.28.15.55
6. Driftnet (shows the captured image)
7. History (View History command)
Steps 1 and 2 prove that it can be connected to 172.28.15.55, and this computer can also access the Internet at this time.
The third step is 172.28.15.55 this computer sends ARP to ask what the MAC address of this gateway is. My computer keeps sending messages to 172.28.15.55, deceiving it that the MAC of 172.28.15.254 is the MAC address of my computer. At this time, all the icmp packets sent by 172.28.15.55 from this computer are sent to my computer, so it can not be connected to the Internet.
This is the easiest way to verify ARP spoofing.
The fourth step is to store the data sent on the Internet in my file.
Every 5 steps is to deceive the gateway to send the data from the external network to 172.28.15.55 to my target file, and then forward it to 172.28.15.55 through my computer.
Step 6 is to intercept the image from the data stream sent to the computer 172.28.15.55 on the extranet.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.