Results 1 to 7 of 7

Thread: ARP poisoning

  1. #1

    ARP poisoning

    I want to play around a bit with arp poisoning (using ettercap) and I wonder if it is safe to do in production network.....I want to check if I can reroute traffic from specific hosts to my workstation using ARP poisoning....but I'm afraid to screw up the traffic ......
    Thanks.

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    417

    Re:ARP poisoning

    I don't think experimenting on any production environment is a good idea.

    Don't you have any extra equipment you can use to make a small test network?


  3. #3

    Re:ARP poisoning

    I do, but I don't have spare switch to fully amulate production env.....

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:ARP poisoning

    Best bet would be to wait until you've got the hardware to do it yourself. I setup another physical network within my home for the specific use of network testing. Trying something like that on a production environment without knowing how it works isn't too wise. If you can borrow a switch or something from work, that'd be great. :-)

  5. #5

    Re:ARP poisoning

    You learn the most if it's a real world thing. Try your best not to get caught, that way if you break something you don't get blamed, and if you don't, you learned how to hide yourself.

    :P

    Arp poisoning will get the packets to a different box, but remember if that box is not configured for that ip it will just drop them (Unless it's promiscuous)

    Are you trying to like hijack a server or just sniff?

    dsniff comes with something called arpspoof which lets you trick the switch to sending you the packets, then sends the packets back to the intended host as well so you can sniff the connection.

  6. #6

    Re:ARP poisoning

    I'm just trying to see how the whole thing works.....the basic idea is to fool switch into beleiving that server's arp is actually my workstation's thus redirecting traffic that goes to server to my workstation and then sniffing it for information......I guess that's what arp poisoning is supposed to do?
    So you say dsniff is the best toll to do that?
    Thanks.

  7. #7

    Re:ARP poisoning

    couldnt you select a few machines and change their netmask or whatever so they think they are a different network? (i dont remember how that works)

Similar Threads

  1. Detect ARP Poisoning
    By raditya in forum Linux - General Topics
    Replies: 2
    Last Post: 11-03-2007, 12:22 AM
  2. ARP Poisoning
    By raditya in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 10-15-2007, 05:17 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •