Scribd
Upload
120 views6 pages

Investigating Arp Poisoning

This lab objective was to configure an Ubuntu workstation as a man-in-the-middle (MITM) to intercept and view network traffic between a Windows system and a pfSense gateway. The student used ARP spoofing commands to associate the Ubuntu's MAC address with the IP addresses of the Windows system and gateway. Wireshark was then used to observe the redirected traffic passing through the Ubuntu workstation. The student learned that ARP spoofing can trick systems on a network about each other's IP to MAC address mappings and be used maliciously to intercept sensitive information or spread malware.

Uploaded by

api-648923088
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
120 views6 pages

Investigating Arp Poisoning

This lab objective was to configure an Ubuntu workstation as a man-in-the-middle (MITM) to intercept and view network traffic between a Windows system and a pfSense gateway. The student used ARP spoofing commands to associate the Ubuntu's MAC address with the IP addresses of the Windows system and gateway. Wireshark was then used to observe the redirected traffic passing through the Ubuntu workstation. The student learned that ARP spoofing can trick systems on a network about each other's IP to MAC address mappings and be used maliciously to intercept sensitive information or spread malware.

Uploaded by

api-648923088
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Name: Irais Maganda

Date: 10/17

Lab 04: Investigating ARP Poisoning

Objective:

In this lab, you will Configure an Ubuntu workstation as a MITM, Use Wireshark to view
traffic moving through the Ubuntu workstation, Test the current network from the Win19
workstation.

How can the objectives be applied outside the educational environment:

The objectives can be applied outside the educational environment because it might be
useful to redirect traffic on a website.

Synopsis / Summary

In this lab, you will configure an Ubuntu workstation to spoof a Windows system as it
attempts to communicate directly with the pfSense gateway. You will also configure the
Ubuntu workstation to spoof the pfSense gateway that tries to communicate with the
Windows system directly. You will then view the traffic being redirected across the
Ubuntu workstation, which is now acting as a “Man in the Middle” (MITM).

Lab Work (Screen caps with descriptions at least 6 screen captures)


In the Terminal, in order to forward IP packets through the Ubuntu system. I entered sudo vi
/proc/sys/net/ipv4/ip_forward and entered NDGlabpass123!

I entered sudo arpspoof -i ens160 -t 192.168.0.1 192.168.0.50. This was done in order to
deceive the gateway device by telling it that the Ubuntu’s IP address is 192.168.1.100. I entered
NDGlabpass123!

In order to tell the WinOS system that the device I was on was the 192.168.1.1 gateway device I
had to open another terminal by clicking File > New Window in the current Terminal window. I
switched to the New Terminal and entered sudo arpspoof -i ens160 -t 192.168.0.50 192.168.0.1.
I entered NDGlabpass123!. So, I had two terminals opened with ARP spoofing.
While on the SecOnion system, I opened a third terminal and entered sudo wireshark and
entered NDGlabpass123! As the password. Once Wireshark loaded, I scrolled and selected
ens160 in the Interface List pane. Then, I clicked the Start button to start capturing on that
interface.

after some packets had been captured and at least 10 seconds had passed, I stopped the live
capture by clicking on the red square Stop the running live capture button. Then, I typed arp in
the filter box, and clicked Apply. I selected Analyze, looked at the first couple of packets, where
00:50:56:92:68:06 MAC address had two IP addresses assigned to it.
I created a persistent ping to the 192.168.1.1 IP address by entering ping -t 192.168.0.1.

I cleared the Filter by clicking on Clear. I Stopped the capture by clicking on the red square
button again, then I typed icmp in the filter, and clicked Apply to examine the filtered packets.
I Analyzed the output. I noticed the ICMP traffic of the WinOS device traversing the SecOnion
device instead of going directly to the pfSense gateway. The destination MACaddress for a ping
request was SecOnion’s MAC address.

I opened another new Terminal and entered the ip addr show dev ens160 command to
view the MAC address for the SecOnion system. The MAC address was
00:50:56:92:68:06.

Questions and Prompts within the Labs

No questions or prompts in the lab

Reflection

I learned how to configure the Ubuntu workstation to spoof the pfSense gateway when it
was to communicate with the Windows system directly. I was able to view the traffic
being redirected across the Ubuntu workstation. I also learned the command sudo
arpspoof -i ens160 -t 192.168.0.50 192.168.0.1. Which was used to deceive the
gateway. This can be applied to the outside world because spoofing can be used to trick
people into giving away their personal information, which is vital to cyber security. In
such a way, people will be able to see other’s personal information as well as
messages, ip addresses, emails, etc. This can be used to spread malware and gain
unauthorized network access which would end in dire consequences. With ARP
poisoning or spoofing, the attacker would be able to intercept, modify, and stop any data
intended for that IP address. The best defense against ARP poisoning is to use a vpn
which is a virtual private network or to encrypt in order to reduce the chances of arp
poisoning.

Configuration Files or Your Code

You might also like