This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark and IPEnableRouter

0

I'm developing a ARP spoofing tool for Windows and during my tests I turned on the IPEnableRouter option (which is basically the Windows version of the linux IP Forward option).

It worked out great (the victim could access the internet), but I realized that if I started a capture in Wireshark the victim of the ARP spoofing would loose it's connection to the Internet. Repeated the whole thing a few times and I got the same result on all of them.

Does anybody know what could be happening and why?

asked 20 Aug '13, 18:07

Andr%C3%A9%20Louren%C3%A7o's gravatar image

André Lourenço
1222
accept rate: 0%

I'm developing a ARP spoofing tool for Windows

What do you spoof? The MAC address of the Internet router?

during my tests I turned on the IPEnableRouter option

How many interfaces are connected to the network on your spoofing system?

but I realized that if I started a capture in Wireshark the victim of the ARP spoofing would loose it's connection to the Internet.

In that case, what do you see in the capture file?

(21 Aug '13, 03:27) Kurt Knochner ♦