ARP

ARP Poisoning

Theory

ARP

Address Resolution Protocol (ARP) is a protocol that connects a device's IP address to its MAC address in a local area network (LAN). ARP is necessary because computers need to know the IP address and MAC address of a destination before they can start network communication.

ARP Poisoning

ARP poisoning, also known as ARP spoofing, is a cyber attack that uses malicious ARP packets to change the IP to MAC address table on a LAN's default gateway.

Practical

Ettercap

1. Start Ettercap

sudo apt install ettercap-graphical

sudo ettercap -G

2. Scan for Hosts

On the top right corner click on three dots

Click on Hosts

Click on Scan for hosts

3. List available Hosts

On the top right corner click on three dots

Click on Hosts

Click on Hosts lists

4. Start ARP Poisoning

Go to Hosts list

Select a MAC address and Click on Add to Target1

Select another MAC address and Click on Add to Target2

Now open wireshark and capture the traffic between the two machines

REFERENCES

• https://charlesreid1.com/wiki/MITM/Wired/ARP_Poisoning_with_Ettercap

• https://pentestmag.com/ettercap-tutorial-for-windows/