Something Wicked This Way Comes
-
-
- Both of these allow you to advertise ARP data, which in turn can confuse hosts and even switches with regard to port (MAC) assignment.
- You can use this, for example, to trick a switch into sending packets destined for the default gateway through your host instead.
- This is the most popular way to gain visibility when blinded by a switch!! This technique is called ARP spoofing. DANGER!!
Notes:
Since it is fairly easy to ARP spoof addresses on a network, you may want to run a utility like arpwatch (http://www-nrg.ee.lbl.gov/). The arpwatch utility monitors for any changes to existing ARP table entries. As mentioned earlier, you can use the arp -s command to prepopulate MAC tables for a host (so you'll have a known good starting point).
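The kind of check described in the notes, comparing the current ARP table against a known good starting point, is sketched below as an added example; it is not part of the original slides and is not arpwatch's code. It assumes the Linux `arp -an` output format, and the addresses, MACs and alert labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines, e.g. "? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0"
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})\b")

def parse_arp(text):
    """Return {ip: mac} from `arp -an` output, skipping <incomplete> entries."""
    return {ip: mac.lower() for ip, mac in ARP_LINE.findall(text)}

def compare(baseline, current):
    """Report changed MACs, unknown stations, and MACs that claim several IPs."""
    alerts = []
    for ip, mac in sorted(current.items()):
        known = baseline.get(ip)
        if known is None:
            alerts.append(("new station", ip, mac))
        elif known != mac:
            alerts.append(("changed ethernet address", ip, f"{known} -> {mac}"))
    # One MAC answering for several IPs (e.g. the gateway plus a host) is a
    # spoofing hint, not proof: proxy ARP and routers do this legitimately.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac claims multiple ips", mac, ",".join(sorted(ips))))
    return alerts

# Constructed sample data: documentation addresses and made-up MACs.
BASELINE = parse_arp("""\
? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0
? (192.0.2.20) at 00:00:5e:00:53:14 [ether] on eth0
""")
CURRENT_TEXT = """\
? (192.0.2.1) at 00:00:5E:00:53:66 [ether] on eth0
? (192.0.2.20) at 00:00:5e:00:53:14 [ether] on eth0
? (192.0.2.66) at 00:00:5e:00:53:66 [ether] on eth0
? (192.0.2.77) at <incomplete> on eth0
"""

if __name__ == "__main__":
    for alert in compare(BASELINE, parse_arp(CURRENT_TEXT)):
        print(*alert, sep=" | ")
```

In the sample, the gateway entry 192.0.2.1 changes MAC and that same MAC also answers for 192.0.2.66, which is the pattern a spoofed gateway leaves in a host's ARP table.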