Ho provato a fare un attacco MITM sulla mia rete. Ho attivato ettercap
, ho contrassegnato il mio router come TARGET1 e il mio secondo computer come TARGET2. Quindi ho attivato 'ARP Spoofing'.
Non so perché - ma dopo questa operazione la mia vittima ha perso la connessione a Internet. Non vedo nulla in urlsnarf
. Sembra che entrambi i lati del mio piano si siano resi conto di alcuni problemi: di seguito pubblichiamo i risultati della cattura di Wireshark.
La mia domanda è? Cosa faccio di sbagliato? Cosa dovrei migliorare per fare un buon attacco MITM. A questo attacco ho usato una scheda Wi-Fi esterna, ne ho anche un'altra, integrata, (era connessa alla stessa rete). Ho abilitato l'inoltro ipv4 ( cat /proc/sys/net/ipv4/ip_forward
== 1).
Risultati della cattura di Wireshark:
No. Time Source Destination Protocol Length Info
9 0.582284000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 9: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
10 0.582393000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 10: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 9)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 9)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
118 10.582643000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 118: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
119 10.582701000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 119: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 118)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 118)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
140 20.582933000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 140: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
141 20.582995000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 141: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 140)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 140)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
171 30.583194000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 171: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
172 30.583261000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 172: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 171)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 171)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
185 40.583479000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 185: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
186 40.583543000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 186: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 185)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 185)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
330 50.583765000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 330: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
331 50.583831000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 331: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 330)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 330)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
333 51.601767000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 Who has 192.168.0.1? Tell 192.168.0.101
Frame 333: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)
No. Time Source Destination Protocol Length Info
334 51.602934000 Tp-LinkT_8c:13:50 Tp-LinkT_21:e9:30 ARP 42 192.168.0.1 is at [ROUTER MAC]
Frame 334: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1728 60.584062000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1728: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1729 60.584131000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1729: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1728)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1728)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1849 70.584400000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1849: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1850 70.584480000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1850: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1849)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1849)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1896 80.584691000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1896: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1897 80.584765000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1897: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1896)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1896)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1932 90.584985000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1932: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1933 90.585049000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1933: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1932)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1932)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1946 100.585252000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1946: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1947 100.585312000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1947: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1946)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1946)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1992 110.585539000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1992: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1993 110.585597000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1993: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1992)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1992)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
2054 120.585783000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 2054: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
2055 120.585833000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 2055: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 2054)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 2054)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
2061 124.609742000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 Who has 192.168.0.1? Tell 192.168.0.101
Frame 2061: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)
No. Time Source Destination Protocol Length Info
2062 124.610917000 Tp-LinkT_8c:13:50 Tp-LinkT_21:e9:30 ARP 42 192.168.0.1 is at [ROUTER MAC]
Frame 2062: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)