IP addresses are resolved to machine MAC addresses by a protocol called the Address Resolution Protocol (ARP). A machine finds the MAC addresses of other machines by broadcasting ARP queries on the network. ARP Poisoning is also known as ARP Spoofing.
ARP packets can be forged to send data to the attacker’s machine.
Attackers flood a target computer's ARP cache with forged entries, which is also known as poisoning. ARP poisoning uses Man-in-the-Middle access to poison the network.
The Man-in-the-Middle attack (abbreviated MITM, MitM, MIM, MiM, MITMA) is an active attack in which the attacker creates a connection between the victims by impersonating each user to the other. The communication is actually controlled by the malicious actor, who misleads the victims into believing that they are communicating with each other.
The traffic of communication between the two parties is controlled and monitored by a third person. This type of attack is prevented by protocols like SSL.
In this exercise, ARP poisoning is performed by BetterCAP by using VMware workstation in a LAN environment. The VMware workstation has Kali Linux installed, along with the Ettercap tool, which enables sniffing of the local traffic in the LAN.
The tools used for this exercise are -
Note – This attack is possible on both wired and wireless networks within a local LAN.
Step 1 − The VMware workstation and the Kali Linux operating system are installed.
Step 2 − Log in to Kali Linux using the username and password “root, toor”.
Step 3 – Connect to local LAN and check the IP address by the command ifconfig in the terminal.
Step 4 − Open up the terminal and type “ettercap -G” to start the graphical version of Ettercap.
Step 5 – Click on the tab “sniff” in the menu bar and select “unified sniffing” and click OK to select the interface. Use “eth0” which means Ethernet connection.
Step 6 − Click on the “hosts” tab in the menu bar and click “scan for hosts”. It will start scanning the whole network for live hosts.
Step 7 − Click the “hosts” tab and select “hosts list” to see the number of hosts available in the network. The default gateway addresses are also included in the list.
Step 8 – Select the targets. The host machine is the target for the MITM, and the router address is the route used to forward the traffic. In an MITM attack, the network is intercepted and the packets are sniffed by the attacker. The victim is added as “target 1” and the router address as “target 2.”
In a VMware environment, the default gateway will always end with “2” because “1” is assigned to the physical machine.
Step 9 – In this scenario, the target is “192.168.121.129” and the router is “192.168.121.2”. So target 1 is added as the victim IP and target 2 as the router IP.
Step 10 − Click on “MITM” and click “ARP poisoning”. Thereafter, check the option “Sniff remote connections” and click OK.
Step 11 − Click “start” and select “start sniffing”. ARP poisoning starts in the network, in the sense that the network card is enabled in “promiscuous mode” and now the local traffic can be sniffed.
Note – Only HTTP sniffing with Ettercap is allowed, hence HTTPS packets are not sniffed in this process.
Step 12 − Now, if the victim is logged into some websites, the results can be seen in the toolbar of Ettercap.
By this process, it is clearly understood that ARP Poisoning has the potential to cause huge losses in company environments. Here ethical hackers are required to protect and secure the networks of the company.
Similar to ARP poisoning, other attacks like MAC flooding, MAC spoofing, DNS poisoning, ICMP poisoning, etc. also can cause major loss to a network.
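The poisoning performed in the exercise above leaves a visible trace in the victim's ARP cache: the router address 192.168.121.2 starts resolving to the sniffing machine's MAC. The following check is an added example, not part of the original tutorial; it parses Linux `arp -an` output and flags that condition. The function names, all MAC addresses and the 192.168.121.128 host are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines such as:
#   ? (192.168.121.2) at 00:50:56:e0:11:22 [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

def parse_arp_table(text):
    """Return {ip: mac} from `arp -an` output; <incomplete> entries are skipped."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}

def find_poisoning(table, trusted):
    """Compare an ARP cache against trusted {ip: mac} pairs and report anomalies."""
    findings = []
    # 1. A pinned address (typically the gateway) now resolves to a different MAC.
    for ip, good_mac in trusted.items():
        seen = table.get(ip)
        if seen and seen != good_mac.lower():
            findings.append(("mac_changed", ip, seen))
    # 2. One MAC answering for several IPs: the sniffer's own entry plus the spoofed one.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_shared", ",".join(sorted(ips)), mac))
    return findings

# Constructed samples: the victim's cache before and after poisoning.
TRUSTED = {"192.168.121.2": "00:50:56:e0:11:22"}  # gateway MAC recorded while clean
CLEAN = """\
? (192.168.121.2) at 00:50:56:e0:11:22 [ether] on eth0
? (192.168.121.128) at 00:0c:29:3a:4b:5c [ether] on eth0
? (192.168.121.254) at <incomplete> on eth0
"""
POISONED = """\
? (192.168.121.2) at 00:0C:29:3A:4B:5C [ether] on eth0
? (192.168.121.128) at 00:0c:29:3a:4b:5c [ether] on eth0
"""

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, find_poisoning(parse_arp_table(dump), TRUSTED))
```

A shared MAC can also be legitimate (proxy ARP, a host with several addresses), so the "mac_shared" finding is a prompt to investigate, while a changed gateway MAC against a known-good baseline is the stronger signal.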