This demo is a follow-on to the ARP Poisoning Presentation. It uses the program ettercap to acheive an ARP poisoning attack.

To start with, here’s a written description of the process.

  1. Start Wireshark on the attacker.

  2. Open the telnet session on one of the victims. Nothing of that telnet session should be visible.

  3. In order to do a Man in the Middle (MitM) attack, first set up IP forwarding with sysctl -w net.ipv4.ip_forward=1

  4. Edit /etc/etter.conf to uncomment the lines allowing iptables to forward.

  5. Start up ettercap: ettercap -G (the -G gives a GUI)

  6. Start sniffing (unified)

  7. Scan for hosts

  8. Add targets

  9. Start MitM -> ARP Poisoning

  10. Start Sniffing

  11. Now go back to the victim and start another telnet session

  12. On the attacker, Wireshark should now see everything

  13. Don’t forgot to explicitly stop the MitM so that it can re-ARP the network

Video (MP4)