ARP reply packet does not update ARP cache on Ubuntu

Problem description

So after I have played with the Network Spoofer developed by Digitalsquid (http://digitalsquid.co.uk/netspoof/), I have been trying to get a better understanding of its internal working by writing a C program that does something similar.

My program currently takes in 4 parameters - source ip, source mac, victim ip, and victim mac - and sends an ARP reply packet with them. When testing the program on my home network, I would do something like setting the source ip to be the router's ip, source mac to be something bogus, victim ip to be my laptop's ip, and victim mac to be my laptop's wireless card mac.

The problem is, although I can see the packet being sent/received from monitoring the wireless card using tcpdump (i.e. I would see something like "01:43:23.656745 ARP, Ethernet (len 6), IPv4 (len 4), Reply router-ip is-at bogus-mac-address, length 28", which is just what I expected), the ARP cache entry for the router stays the same (i.e. still has the correct mac address).

I am not quite sure what the problem here is, and why I couldn't poison my ARP cache. I read somewhere that it could be my OS, Ubuntu 12.04, dropping the unsolicited ARP packets, so I tried to set /proc/sys/net/ipv4/conf/wlan0/arp_accept to 1 - no luck. I also tried to turn IP forwarding on (setting /proc/sys/net/ipv4/ip_forward to 1) as suggested by another article, and still had no luck.

I would really appreciate it if somebody can give me some pointers/hints as to what the problem might be. Also, please correct me if I had a mistake in my understanding - I am quite new in the realm of C programming and ARP spoofing.

Thanks!

JY

Recommended answer

It's good to take these arguments (source ip, source mac, target ip and target mac), but you are not giving correct values to it.

ARP spoofing is actually convincing both A and B

You need to be more active in sending ARP request/reply to both A and B by giving your MAC address to be desired node.

So that whatever A/B sends will come to you first. IP and MAC address fields are basically updated in the CAT (Content Addressable Memory) table of the switch, which keeps on updating from time to time.

So when you are sending an ARP Request to A (i.e. Router/Gateway/Switch):

 Source IP=Victim's IP i.e. A
 Source MAC=your MAC (hacker's MAC) so that data may come to your system
 Destination IP=Router's IP
 Destination MAC will be blank in case of ARP request
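
Seen from the defending side, a reply like the one in the question stands out because it binds the router's IP to a MAC other than the known one. The following is an added example, not code from the question or the answer: it parses the 28-byte Ethernet/IPv4 ARP payload and flags such a conflict. The function name `arp_check`, the known-binding table and both sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_LEN   28   /* Ethernet/IPv4 ARP payload ("length 28" in tcpdump) */
#define ARP_REPLY 2

struct binding { uint8_t ip[4]; uint8_t mac[6]; };

/* Constructed known-good binding: gateway 192.168.1.1 (assumed address). */
static const struct binding known[] = {
    { {192,168,1,1}, {0x00,0x11,0x22,0x33,0x44,0x55} },
};

/* Returns 1 if p is an ARP reply whose sender IP is in the known table but
 * whose sender MAC differs, 0 if it is consistent, unknown or not a reply,
 * and -1 if p is not a well-formed Ethernet/IPv4 ARP message. */
int arp_check(const uint8_t *p, size_t len)
{
    if (len < ARP_LEN) return -1;
    uint16_t htype = (uint16_t)(p[0] << 8 | p[1]);
    uint16_t ptype = (uint16_t)(p[2] << 8 | p[3]);
    uint16_t op    = (uint16_t)(p[6] << 8 | p[7]);
    if (htype != 1 || ptype != 0x0800 || p[4] != 6 || p[5] != 4)
        return -1;
    if (op != ARP_REPLY) return 0;
    const uint8_t *sha = p + 8;    /* sender hardware address */
    const uint8_t *spa = p + 14;   /* sender protocol address */
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (memcmp(spa, known[i].ip, 4) == 0)
            return memcmp(sha, known[i].mac, 6) != 0;
    return 0;
}

/* Constructed samples: a reply matching the table, and one claiming that
 * 192.168.1.1 is at de:ad:be:ef:00:01. Target fields are arbitrary. */
static const uint8_t good_reply[ARP_LEN] = {
    0,1, 8,0, 6,4, 0,2, 0x00,0x11,0x22,0x33,0x44,0x55, 192,168,1,1,
    0x66,0x77,0x88,0x99,0xaa,0xbb, 192,168,1,50 };
static const uint8_t bad_reply[ARP_LEN] = {
    0,1, 8,0, 6,4, 0,2, 0xde,0xad,0xbe,0xef,0x00,0x01, 192,168,1,1,
    0x66,0x77,0x88,0x99,0xaa,0xbb, 192,168,1,50 };

int main(void)
{
    printf("good=%d bad=%d\n", arp_check(good_reply, ARP_LEN),
           arp_check(bad_reply, ARP_LEN));
    return 0;
}
```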
