




A practical guide to setting up and analyzing ARP poisoning attacks using Ettercap. It includes step-by-step instructions on how to configure the network, launch the attack, and analyze captured packets using Wireshark. The guide explains how ARP poisoning can lead to a man-in-the-middle scenario, allowing attackers to intercept and modify communication between the victim and other network entities. It also covers the concepts of sniffing and spoofing, providing insights into how attackers can trick devices on a network. Designed for cybersecurity students and professionals seeking to understand and mitigate ARP poisoning attacks.
Typology: Slides





Aim: ARP Poisoning Attack: Set up an ARP poisoning attack using tools like Ettercap. Analyze the captured packets to understand how the attack can lead to a Man-in-the-Middle scenario.

Experiment Setup
1. Prerequisites:
   a. Two computers in the same network.
   b. Kali Linux installed on one of the computers (Attacker).
   c. Target computer running any operating system (Victim).
2. Installation:
   a. Install Ettercap on the Kali Linux machine:
      sudo apt-get update
      sudo apt-get install ettercap-graphical
3. Network Configuration:
   a. Ensure both the Attacker and Victim are connected to the same local network.
4. Enable IP Forwarding:
   a. Enable IP forwarding on the Attacker machine to ensure it can forward packets between the Victim and the internet.
      sudo sysctl -w net.ipv4.ip_forward=

Performing the attack:
Go to 'Hosts' > 'Scan for hosts' to scan the network and identify the Victim's IP address.
4. ARP Poisoning:
Go to 'Mitm' > 'ARP Poisoning'. Select 'Sniff remote connections'. Enter the Victim's IP address as the target.
5. Start the Attack:
Click on 'Start' to begin the ARP poisoning attack. Ettercap will now intercept and modify ARP packets, redirecting traffic through the Attacker machine.

Analyzing captured packets:
1. Wireshark:
Use Wireshark to capture and analyze network packets. Start Wireshark on the Attacker machine and select the network interface used for ARP poisoning.
2. Filtering:
Apply filters to isolate traffic between the Attacker, Victim, and other network entities. Filter for ARP packets to observe ARP spoofing in action.
3. Packet Analysis:
Analyze the captured packets to observe the following:
   a. ARP requests and responses indicating the spoofed MAC addresses.
   b. Victim's traffic being redirected through the Attacker machine.
   c. Communication between the Victim and other network entities being intercepted by the Attacker.

Understanding the MITM Scenario:
1. Interception of Communication: The ARP poisoning attack allows the Attacker to intercept and modify all communication between the Victim and other network entities. This includes intercepting sensitive information such as login credentials, financial data, or personal information.
2. Modification of Data: The Attacker can modify the intercepted data before forwarding it to its original destination, leading to potential data manipulation or injection attacks.
3. Identity Theft: By intercepting communication, the Attacker can impersonate either the Victim or the legitimate network entities, leading to identity theft or unauthorized access to sensitive resources.
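The packet analysis step above looks for ARP messages that carry spoofed MAC addresses. The following is an added example, not part of the original slides, that automates that check from the defender's side: it parses ARP payloads from a capture and reports IP addresses whose announced MAC changes and MACs that announce several IPs. The function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload; return (opcode, sender_mac, sender_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, payload[8:14].hex(":"), ".".join(str(b) for b in payload[14:18])

def find_arp_conflicts(payloads):
    """Flag IPs whose announced MAC changes, and MACs that announce several IPs."""
    ip_to_mac, mac_to_ips, changed = {}, defaultdict(set), []
    for payload in payloads:
        try:
            _, mac, ip = parse_arp(payload)
        except ValueError:
            continue  # skip anything that is not a well-formed ARP payload
        if ip == "0.0.0.0":
            continue  # ARP probes carry no sender IP binding
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            changed.append((ip, ip_to_mac[ip], mac))  # (ip, previous MAC, new MAC)
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return changed, shared

def sample_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload used only as test data below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed capture (addresses are made up): gateway .1, victim .10, third host .66
GW, VIC, X, ZERO = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66", "00:00:00:00:00:00"
SAMPLE = [
    sample_arp(2, GW, "192.168.56.1", VIC, "192.168.56.10"),    # genuine gateway reply
    sample_arp(1, VIC, "192.168.56.10", ZERO, "192.168.56.1"),  # victim's own request
    sample_arp(1, X, "192.168.56.66", ZERO, "192.168.56.1"),    # third host's own request
    sample_arp(2, X, "192.168.56.1", VIC, "192.168.56.10"),     # gateway IP, third host's MAC
    sample_arp(2, X, "192.168.56.10", GW, "192.168.56.1"),      # victim IP, third host's MAC
]

if __name__ == "__main__":
    changed, shared = find_arp_conflicts(SAMPLE)
    print("IP bindings that changed:", changed)
    print("MACs announcing several IPs:", shared)
```

DHCP reassignment and gateway failover produce the same signals, so a hit is a lead to compare against the known IP-to-MAC bindings of the network.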
Man-in-the-Middle:
Procedure- To implement this objective, we will use Kali Linux and a Windows machine in a virtual environment. The Ettercap tool will be used for the ARP poisoning attack.
Step 1- Open Ettercap in Kali Linux.
Sniffing with Ettercap
Sniffing means watching the data that moves around on your network. It’s like being a secret agent for data!
Step 1: Start Ettercap in Unified Sniffing Mode
When you open Ettercap, choose the network interface you want to use (usually something like eth0 or wlan0).
Fig No. 5.1 : Open Ettercap in Kali Linux
Fig No. 5.2 : Open Ettercap in Sniffing Mode
Step 2: Scan for Hosts
Next, you need to see who else is on the network. Click on the "Hosts" menu, then "Scan for hosts." Ettercap will find all the devices connected to the network.
Step 3: View Host List
Now, you can see the list of devices. Go to "Hosts" and click on "Hosts list." This shows all the IP addresses and MAC addresses of the devices on your network.
Step 4: Start Sniffing
To start capturing data, just click on the "Start" button in the toolbar. Ettercap will begin to show you the data packets moving across the network.
Fig No. 5.3 : Start Ettercap Sniffing
Step 3: Start Spoofing
Finally, click on the "Start" button to begin spoofing. Now, Ettercap will intercept the data between the two devices, letting you see it.
Fig No. 5.6 : Start ARP Spoofing
Fig No. 5.7 : Open Vulnweb
Fig No. 5.8 : ARP Spoofing