I'm developing a ARP spoofing tool for Windows and during my tests I turned on the IPEnableRouter option (which is basically the Windows version of the linux IP Forward option). It worked out great (the victim could access the internet), but I realized that if I started a capture in Wireshark the victim of the ARP spoofing would loose it's connection to the Internet. Repeated the whole thing a few times and I got the same result on all of them. Does anybody know what could be happening and why? asked 20 Aug '13, 18:07  André Lourenço |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
What do you spoof? The MAC address of the Internet router?
How many interfaces are connected to the network on your spoofing system?
In that case, what do you see in the capture file?