Results 1 to 7 of 7

Thread: arpspoof - 'couldn't arp for host'

  1. #1
    Just burned his ISO
    Join Date
    Jan 2011
    Posts
    5

    Default arpspoof - 'couldn't arp for host'

    I'm looking at SSL Spoofing within BT5 using arpspoof and ettercap. However, when using arpspoof and using the syntax in the forum topic, when entering -

    arpspoof -i wlan0 -t <IP address of victim> <router IP>

    I get the below error -

    arpspoof: couldn't arp for host <victims IP address>

    http://www.backtrack-linux.org/forum...k-videos/1659-[video]-how-snifff-ssl-https-sslstrip-8.html

    However, the wlan0 interface works fine when using the likes of airmon and aircrack-ng for wep keys. This also happens on the eth0 and eth1 interface too.

    Any ideas?

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: arpspoof - 'couldn't arp for host'

    Everything works here:
    Code:
    root@evilbox:~# arpspoof -i wlan0 -t 192.168.1.71 192.168.1.254
    0:22:5f:2:30:22 0:0:0:0:0:0 0806 42: arp reply 192.168.1.254 is-at 0:22:5f:2:30:22
    0:22:5f:2:30:22 0:0:0:0:0:0 0806 42: arp reply 192.168.1.254 is-at 0:22:5f:2:30:22
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned his ISO
    Join Date
    May 2011
    Posts
    15

    Default Re: arpspoof - 'couldn't arp for host'

    I've gotten this error when I've mistakenly entered my own IP as the target.

  4. #4
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Default Re: arpspoof - 'couldn't arp for host'

    You can check if your interface is in managed mode..Could cause you some troubles if it is in Monitor mode. You can type: iwconfig wlan0..In case the interface is in monitor mode, put it in "managed mode"..Re-run arpspoof...
    I'd like to offer you 2 options to arpspoof:
    1. Using arpspoof..Only will arpspoof, you have to forward traffic manually (echo 1 > /proc/sys/.../ip_forward)
    2. Using ettercap (ettercap -Tqi wlan0 -M arp /Target/ /GW/) In this case, you do 2 things: forward traffic and arpspoofing..
    It should work fine...Check the ip of target, you can run nmap, and then arpspoof with ip's well known via nmap..Perhaps the host to arp poisson is not been found...
    best of luck..

  5. #5
    Just burned his ISO
    Join Date
    May 2011
    Posts
    5

    Default Re: arpspoof - 'couldn't arp for host'

    Could be that the target is using a firewall(antivirus) that disables arp spoofing ..

  6. #6
    Just burned his ISO
    Join Date
    Jan 2011
    Posts
    5

    Default Re: arpspoof - 'couldn't arp for host'

    Thanks for all of that. I'm getting a bit further than I was. I have also ran the netstat -nr command to check my df gateway. The IP address for the default gateway which BT is displaying is a 192.168.6.2 address with two other IP's on the 6.X subnet. However, none of the 'target' machines are on that subnet and neither is the machine which I am running the BT5 VM on or the router.

    The 192.168.6.2 address also shows up where running ettercap.gtk and 'scanning for hosts' but fails to pick up any hosts on the actaul wired or wireless network I am trying to test upon.

    The only place I can find the 192.168.6.1 IP address is the IP address for the VMWare Ethernet Network Adapter.

    This is also the case when I tested it with BT4 for comparison.

  7. #7
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Default Re: arpspoof - 'couldn't arp for host'

    Ok..Try to find the GW subnet, try this:
    You can open your router and check the DHCP server ranges to assign ip's, the GW IP and check the clients table, to see who is connected.This to have a picture of ip scenario.
    Make sure the networking services has been started (if running in live cd).
    Once knew the ip scenario, you may do this:
    1. switch to root, very important, because in the root user, you can comunicate with your interfaces.
    2. type: ifconfig your_interface (to see if you are indeed in the subnet, although is not necessary)
    2.1 Then type: iwconfig to see if you are getting connected to the AP (wireless), if so, you should see the SSID and its MAC. Check Mode, should be Managed (Mode: managed)
    3. type: nmap -sC -sS -sV -PN -T4 -F -O --osscan-guess 192.168.6.0/24
    4. See the targets it shows and its info (mac, ip, type of OS, etc)..Try to see the ip's and check if yours is in the same subnet.

    If you are not in the subnet as well as the targets, very possibly the GW DHCP server is not offering any IP...

    After this, you can start wondering what is really going on...
    Once you figure that out, then you start arpspoofing and forwarding traffic.
    Best of lucks..

Similar Threads

  1. host-extract.rb | Host/IP Pattern Extractor
    By r3m0t3 in forum Tool Requests
    Replies: 0
    Last Post: 03-13-2011, 04:24 PM
  2. EXT3-fs: error 240 couldn't mount
    By muskatnuss in forum Beginners Forum
    Replies: 2
    Last Post: 10-07-2010, 11:09 AM
  3. E: Couldn't find package twisted-web
    By g.h0ul in forum OLD Newbie Area
    Replies: 6
    Last Post: 01-05-2010, 02:38 PM
  4. sslstrip + arpspoof : couldn't arp for host ? perche?
    By dpmika in forum Supporto Software
    Replies: 3
    Last Post: 10-05-2009, 05:02 PM
  5. couldn't start kismet
    By durana in forum OLD Newbie Area
    Replies: 10
    Last Post: 08-01-2007, 10:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •