Hello all,
I've been playing around with arpspoof for a bit, and I am having a bit of trouble with it.
My setup consists of two computers:
1 Windows 7 64-bit PC that is running Windows XP (Victim) on VMware with a Bridged adapter.
1 Laptop that is running Backtrack 5 KDE (Attacker) with an AWUS036H card connected to it.
The Windows XP victim has an IP of 192.168.0.190.
Its arp table before the arpspoof attack is:
Code:
Interface: 192.168.0.190 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-c0-ca-51-8e-09     dynamic
  192.168.0.188         00-c0-ca-51-8e-09     dynamic
  192.168.0.192         00-c0-ca-51-8e-09     dynamic
After successfully connecting my wifi card to my BT5 VM, I ran an arpspoof attack with the following invoked arguments:
Code:
arpspoof -i wlan0 -t 192.168.0.190 192.168.0.1
On the Windows XP victim, the altered arp table was:
Code:
Interface: 192.168.0.190 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-24-01-67-41-41     dynamic
  192.168.0.192         00-c0-ca-51-8e-09     dynamic
After enabling ip forwarding, I was able to successfully run SSLStrip and log the data coming from the Windows XP machine. This was working as expected.
However, what was not expected was that my victim's host machine's arp tables have also been altered, and it lost its internet connectivity.
Before arpspoof attack, my arp tables on the host machine (windows 7) read:
Code:
Interface: 192.168.0.162 --- 0x1c
  Internet Address      Physical Address      Type
  192.168.0.1           70-f1-a1-88-e3-5e     dynamic
Afterwards, it read:
Code:
Interface: 192.168.0.162 --- 0x1c
  Internet Address      Physical Address      Type
  192.168.0.1           00-c0-ca-51-8e-09     dynamic
I specifically designated my Windows XP machine as a target by invoking the -t parameter in arpspoof, yet my host machine was affected.
Can anybody explain why this is occurring, and what steps I can take to ensure that my victim host machine is not affected?
Thanks in advance!
TL;DR: Launched arpspoof attack against Windows XP virtual machine. Host machine also was affected.
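
An added example, not part of the original post: a defender-side check in Python that parses Windows `arp -a` output, reports IP-to-MAC bindings that changed between two snapshots, and flags a MAC claimed by several IPs. The sample tables are the ones quoted in the post, laid out in the usual `arp -a` column format; the function names are hypothetical.

```python
import re
from collections import defaultdict

# ARP tables quoted in the post, in the usual Windows `arp -a` layout.
HOST_BEFORE = """Interface: 192.168.0.162 --- 0x1c
  Internet Address      Physical Address      Type
  192.168.0.1           70-f1-a1-88-e3-5e     dynamic
"""
HOST_AFTER = """Interface: 192.168.0.162 --- 0x1c
  Internet Address      Physical Address      Type
  192.168.0.1           00-c0-ca-51-8e-09     dynamic
"""
# Three-entry table from the XP guest (192.168.0.190).
XP_TABLE = """Interface: 192.168.0.190 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-c0-ca-51-8e-09     dynamic
  192.168.0.188         00-c0-ca-51-8e-09     dynamic
  192.168.0.192         00-c0-ca-51-8e-09     dynamic
"""

# One data row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def parse_arp(text):
    """Return {ip: mac} for the data rows; header lines do not match ROW."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def changed_bindings(before, after):
    """IPs whose MAC differs between two snapshots: {ip: (old_mac, new_mac)}."""
    return {ip: (before[ip], mac) for ip, mac in after.items()
            if ip in before and before[ip] != mac}

def shared_macs(table):
    """MACs claimed by more than one IP. Worth a look, though proxy ARP or a
    multi-homed router can produce the same pattern legitimately."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    print(changed_bindings(parse_arp(HOST_BEFORE), parse_arp(HOST_AFTER)))
    print(shared_macs(parse_arp(XP_TABLE)))
```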