I am trying to understand the basics behind ARP poisoning, and here is the setup:

Target Machine ----> Attacker System (running Cain & Abel) ----> Default gateway

I am able to spoof all the traffic from the Target Machine to the Internet on port 80, but I would like to know why I am generating ACK,RST for SYN packets initiated by the Target Machine on port 443. I vaguely realize it has to do with encryption and key exchange, which my system (Attacker System) has no ability for, but I am looking for a vivid answer. Thanks

asked 07 Jul '13, 23:37 krishnayeddula
One Answer:
O.K. If all involved systems accept the ARP 'update' and if your attacker machine forwards the packets (IP forwarding enabled), there should be no RST packet generated. So, please check where the RST comes from (look at the MAC address of the packet).

Regards

answered 16 Jul '13, 05:49 Kurt Knochner ♦
What do you mean by that? Did you spoof the MAC address of the default gateway? If so, how is your Attacker System connected to the network? As shown in your 'picture' above (inline as bridge)?
Kurt, the setup is plain home networking. A few machines are connected to a wireless router (which is the default gateway), and with this ARP poisoning my attacker system initiates an ARP reply (without an ARP request) to the target machine stating that the default router is at this MAC (attacker MAC), and in the same way it initiates another ARP reply to the default gateway stating that the target machine is at this MAC (attacker MAC). In this way I am able to divert traffic in both directions (from/to target) to flow through the attacker.
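
The check suggested in the answer (look at the MAC address of the RST packet), written out as an added example that is not part of the original thread: it walks raw Ethernet/IPv4/TCP frames and reports the Ethernet source MAC of every RST on port 443. The MAC addresses, IP addresses, role map and function names are constructed for illustration.

```python
import struct

# Constructed MAC-to-role map for the three hosts in the setup (assumed values).
ROLES = {"02:00:00:00:00:0a": "target", "02:00:00:00:00:0b": "attacker",
         "02:00:00:00:00:01": "gateway"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample, checksums left 0)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)
    return eth + ip + tcp

def rst_sources(frames, port=443):
    """Return (Ethernet source MAC, role, IP source) for each TCP RST on `port`."""
    hits = []
    for f in frames:
        if len(f) < 34 or f[12:14] != b"\x08\x00":
            continue  # too short for Ethernet + IPv4, or not IPv4
        ip = f[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:
            continue  # not TCP, or TCP header truncated
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if ip[ihl + 13] & 0x04 and port in (sport, dport):  # RST bit set
            src = mac(f[6:12])
            hits.append((src, ROLES.get(src, "unknown"), ".".join(map(str, ip[12:16]))))
    return hits

T, A, G = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"
# Constructed capture: a SYN to port 443, an RST,ACK answering it, and an unrelated port 80 RST.
SAMPLE = [
    build_frame(T, A, "192.168.1.10", "203.0.113.5", 50000, 443, 0x02),
    build_frame(A, T, "203.0.113.5", "192.168.1.10", 443, 50000, 0x14),
    build_frame(G, A, "203.0.113.9", "192.168.1.10", 80, 50001, 0x04),
]

if __name__ == "__main__":
    for src, role, ip_src in rst_sources(SAMPLE):
        print(f"RST on 443: eth.src={src} ({role}) ip.src={ip_src}")
```

The IP source of an RST names the remote server either way; only the Ethernet source, read at the capture point, shows which local device put the frame on the wire.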