Kali MITM results in TCP Retransmissions abound



I want to test some of my more advanced switches/APs and whether they're effective at stopping ARP Spoofing, so first I'm practicing making it work.



I have Kali booting from USB, connected to the network over Ethernet. The process so far has been:



    echo 1 > /proc/sys/net/ipv4/ip_forward
    dhclient eth0 # just to get an IP address
    arpspoof -i eth0 -t 172.16.0.2 -r 172.16.0.1


172.16.0.2 is the device I want to attack and .1 is the router.



When I open Wireshark and listen to what's happening, I get almost exclusively TCP retransmissions and the target computer becomes unable to do anything at all.



Before I used dhclient, I used ifconfig eth0 172.16.0.3 netmask 255.255.255.0 but this worked even worse... With that, the target computer couldn't do anything; when I used dhclient (to set the route for me), the target could at least ping the router, but couldn't ping 8.8.8.8 any more (or anything else online).



Also, this computer sometimes replies to the ICMP ping with redirect host(New Addr: ....) from my computer's IP address.



Why is this doing this? Why are the packets not being forwarded correctly? Why are there so many TCP retransmissions? Why is my computer telling it to talk to somebody else?



For a MITM attack, this sure isn't stealthy.










kali-linux arp






asked 5 hours ago by iAdjunct













  • If you are testing the switch, you really should be listening for the traffic on all ports of the switch. My best guess is that both your Kali and the intended destination are answering the ARP, the switch gets confused and transfers some packets to your Kali and some to the real destination, and hence the retransmissions. And yes, ICMP redirects are fun. ARP spoofing isn't that easy...

    – dirkt
    41 mins ago
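
The comment's hypothesis, two stations answering ARP for the same address, can be checked from a capture taken on the switch. The following is an added example, not part of the original post or comment: it scans `tcpdump -e -n arp`-style lines for IP addresses claimed by more than one MAC. The sample lines, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -e -n arp` output.
# Assumed MACs: ..:01 = router, ..:02 = target, ..:03 = test host running the spoof.
SAMPLE = """\
12:00:01.000000 aa:aa:aa:aa:aa:01 > aa:aa:aa:aa:aa:02, ethertype ARP (0x0806), length 60: Reply 172.16.0.1 is-at aa:aa:aa:aa:aa:01, length 46
12:00:01.200000 aa:aa:aa:aa:aa:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 172.16.0.1 tell 172.16.0.2, length 46
12:00:01.300000 aa:aa:aa:aa:aa:02 > aa:aa:aa:aa:aa:01, ethertype ARP (0x0806), length 60: Reply 172.16.0.2 is-at aa:aa:aa:aa:aa:02, length 46
12:00:02.000000 aa:aa:aa:aa:aa:03 > aa:aa:aa:aa:aa:02, ethertype ARP (0x0806), length 42: Reply 172.16.0.1 is-at aa:aa:aa:aa:aa:03, length 28
12:00:02.000100 aa:aa:aa:aa:aa:03 > aa:aa:aa:aa:aa:01, ethertype ARP (0x0806), length 42: Reply 172.16.0.2 is-at aa:aa:aa:aa:aa:03, length 28
12:00:03.000000 aa:aa:aa:aa:aa:03 > aa:aa:aa:aa:aa:01, ethertype ARP (0x0806), length 42: Reply 172.16.0.3 is-at aa:aa:aa:aa:aa:03, length 28
"""

# Matches only ARP replies; requests carry no "is-at" claim and are ignored.
ARP_REPLY = re.compile(
    r"ethertype ARP.*?Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I
)

def find_arp_conflicts(lines):
    """Return {ip: sorted MACs} for every IP that more than one MAC claimed."""
    claims = defaultdict(set)
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            claims[m.group(1)].add(m.group(2).lower())
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

def suspect_macs(conflicts):
    """MACs present in the conflict set of two or more IPs: a single station
    answering for several addresses, which is what a two-way spoof looks like."""
    seen = defaultdict(set)
    for ip, macs in conflicts.items():
        for mac in macs:
            seen[mac].add(ip)
    return sorted(mac for mac, ips in seen.items() if len(ips) > 1)

if __name__ == "__main__":
    conflicts = find_arp_conflicts(SAMPLE.splitlines())
    for ip, macs in conflicts.items():
        print(f"{ip} claimed by {', '.join(macs)}")
    print("answering for multiple IPs:", suspect_macs(conflicts))
```

If the switch's ARP inspection is doing its job, a capture on the target's port should show no conflicting replies at all.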


















