[Pro21]

I post this thread to advance in this domain.
AT this moment i can get out packet in arp spoof but the most interesting is to get in packets.

Some explications on the sniff :

The goal is to get all packets from a network. But nowdays with the swith packets redirected at the good computer and not all computers. Before with hub it was possible to get all packets because hub it s as a RJ45 cable. But a switch build route tables for best performances on the lan and to guarantee more security.
Then the solution is to take an IP on the network ang sniff packets.

Computer 1 -------> Switch -------> Computer 2
_________________|
|
|
My computer

The goal is to be made pass for the computer 1 to get packets and after re-send packets at Computer 2.


An example : I am spoofing on a switched network :

ARP response send to 152.*.*.3 claiming to be 152.*.*.15
ARP response send to 152.*.*.2 claiming to be 152.*.*.66
ARP response send to 152.*.*.14 claiming to be 152.*.*.17
ARP response send to 152.*.*.44 claiming to be 152.*.*.11
ARP response send to 152.*.*.2 claiming to be 152.*.*.15

All packets redirected on my computer.
Then the manipulation is to sniff packets to get some password or informations.

T 152.*.*.107:3889 -> 152.*.*.36:110 [AP]
USER mblambet..

T 152.*.*.107:3889 -> 152.*.*36:110 [AP]
PASS 240191073..

T 152.*.*.107:3889 -> 152.*.*.36:110 [AP]
PASS 240191073..

I catched e-mail accounts.
But it s only Out packets. And if i try to connect me on a FTP on the lan, my connexion is invisible for the sniffer. But my principal goal is to get in packets.
But i don t see how to do this.

If you are an issue to help me :) it s the welcome :P

P.S : I am spoofing on a Windows computer :P WIndows RoX

[Pro21]

sniff nobody have a solution :( sniff

[niko]

Look up some more info on arp spoofing, maybe you don't have all your settings right.

You need to set your system up to route the packets (forward them) this might be why you only get out packets, since they never reach their destination, they never come back with anything..

-niko

[technoboy]

and remember to be very careful on production network with arp spoofing and arp poissoning techniques, i know a few non-methodological pen-tester who lost there job after crashing the client network...