Kali MITM results in TCP Retransmissions abound Announcing the arrival of Valued Associate...

What is the difference between a "ranged attack" and a "ranged weapon attack"?

Nose gear failure in single prop aircraft: belly landing or nose-gear up landing?

Random body shuffle every night—can we still function?

Project Euler #1 in C++

what is the log of the PDF for a Normal Distribution?

Does silver oxide react with hydrogen sulfide?

Is it dangerous to install hacking tools on my private linux machine?

If Windows 7 doesn't support WSL, then what is "Subsystem for UNIX-based Applications"?

What initially awakened the Balrog?

Is there public access to the Meteor Crater in Arizona?

A proverb that is used to imply that you have unexpectedly faced a big problem

malloc in main() or malloc in another function: allocating memory for a struct and its members

Is openssl rand command cryptographically secure?

Relating to the President and obstruction, were Mueller's conclusions preordained?

Is there hard evidence that the grant peer review system performs significantly better than random?

Flight departed from the gate 5 min before scheduled departure time. Refund options

Tannaka duality for semisimple groups

Co-worker has annoying ringtone

Why is std::move not [[nodiscard]] in C++20?

Is multiple magic items in one inherently imbalanced?

In musical terms, what properties are varied by the human voice to produce different words / syllables?

New Order #6: Easter Egg

How does TikZ render an arc?

Why not use the yoke to control yaw, as well as pitch and roll?



Kali MITM results in TCP Retransmissions abound



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Kali Linux USB Boot ProblemsKali Installation ErrorKali Linux Update FailsPrograms missing from Kali LinuxCan't login in Kali LinuxUsing arp-scan in ubuntu and kaliwhy doesn't system do ARP request broadcast before sending an IP packet?bash:iwconfig:command not found on Kalikali linux- proxychains versionKali Linux Microsoft Store Issue





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I want to test some of my more advanced switches/APs and whether they're effective at stopping ARP Spoofing, so first I'm practicing making it work.



I have Kali booting from USB, connected to the network over ethernet. The process so far has been:



echo 1 > /proc/sys/net/ipv4/ip_forward
dhclient eth0 # just to get an IP address
arpspoof -i eth0 -t 172.16.0.2 -r 172.16.0.1


172.16.0.2 is the device I want to attack and .1 is the router.



When I open wireshark and listen to what's happening, I get almost exclusively TCP retransmissions and the target computer becomes unable to do anything at all.



Before I used dhclient, I used ifconfig eth0 172.16.0.3 netmask 255.255.255.0 but this worked even worse... With that, the target computer couldn't do anything; when I used dhclient (to set the route for me), the target could at least ping the router, but couldn't ping 8.8.8.8 any more (or anything else online).



Also, this computer sometimes replies to the ICMP ping with redirect host(New Addr: ....) from my computer's IP address.



Why is this doing this? Why are the packets not being forwarded correctly? Why are there so many TCP retransmissions? Why is my computer telling it to talk to somebody else?



For a MITM attack, this sure isn't stealthy.










share|improve this question























  • If you are testing the switch, you really should be listening for the traffic on all ports of the switch. My best guess is that both your Kali and the intended destination are answering the ARP, the switch gets confused and transfers some packets to your Kali and some to the real destination, and hence the retransmissions. And yes, ICMP redirects are fun. ARP spoofing isn't that easy...

    – dirkt
    41 mins ago


















0















I want to test some of my more advanced switches/APs and whether they're effective at stopping ARP Spoofing, so first I'm practicing making it work.



I have Kali booting from USB, connected to the network over ethernet. The process so far has been:



echo 1 > /proc/sys/net/ipv4/ip_forward
dhclient eth0 # just to get an IP address
arpspoof -i eth0 -t 172.16.0.2 -r 172.16.0.1


172.16.0.2 is the device I want to attack and .1 is the router.



When I open wireshark and listen to what's happening, I get almost exclusively TCP retransmissions and the target computer becomes unable to do anything at all.



Before I used dhclient, I used ifconfig eth0 172.16.0.3 netmask 255.255.255.0 but this worked even worse... With that, the target computer couldn't do anything; when I used dhclient (to set the route for me), the target could at least ping the router, but couldn't ping 8.8.8.8 any more (or anything else online).



Also, this computer sometimes replies to the ICMP ping with redirect host(New Addr: ....) from my computer's IP address.



Why is this doing this? Why are the packets not being forwarded correctly? Why are there so many TCP retransmissions? Why is my computer telling it to talk to somebody else?



For a MITM attack, this sure isn't stealthy.










share|improve this question























  • If you are testing the switch, you really should be listening for the traffic on all ports of the switch. My best guess is that both your Kali and the intended destination are answering the ARP, the switch gets confused and transfers some packets to your Kali and some to the real destination, and hence the retransmissions. And yes, ICMP redirects are fun. ARP spoofing isn't that easy...

    – dirkt
    41 mins ago














0












0








0








I want to test some of my more advanced switches/APs and whether they're effective at stopping ARP Spoofing, so first I'm practicing making it work.



I have Kali booting from USB, connected to the network over ethernet. The process so far has been:



echo 1 > /proc/sys/net/ipv4/ip_forward
dhclient eth0 # just to get an IP address
arpspoof -i eth0 -t 172.16.0.2 -r 172.16.0.1


172.16.0.2 is the device I want to attack and .1 is the router.



When I open wireshark and listen to what's happening, I get almost exclusively TCP retransmissions and the target computer becomes unable to do anything at all.



Before I used dhclient, I used ifconfig eth0 172.16.0.3 netmask 255.255.255.0 but this worked even worse... With that, the target computer couldn't do anything; when I used dhclient (to set the route for me), the target could at least ping the router, but couldn't ping 8.8.8.8 any more (or anything else online).



Also, this computer sometimes replies to the ICMP ping with redirect host(New Addr: ....) from my computer's IP address.



Why is this doing this? Why are the packets not being forwarded correctly? Why are there so many TCP retransmissions? Why is my computer telling it to talk to somebody else?



For a MITM attack, this sure isn't stealthy.










share|improve this question














I want to test some of my more advanced switches/APs and whether they're effective at stopping ARP Spoofing, so first I'm practicing making it work.



I have Kali booting from USB, connected to the network over ethernet. The process so far has been:



echo 1 > /proc/sys/net/ipv4/ip_forward
dhclient eth0 # just to get an IP address
arpspoof -i eth0 -t 172.16.0.2 -r 172.16.0.1


172.16.0.2 is the device I want to attack and .1 is the router.



When I open wireshark and listen to what's happening, I get almost exclusively TCP retransmissions and the target computer becomes unable to do anything at all.



Before I used dhclient, I used ifconfig eth0 172.16.0.3 netmask 255.255.255.0 but this worked even worse... With that, the target computer couldn't do anything; when I used dhclient (to set the route for me), the target could at least ping the router, but couldn't ping 8.8.8.8 any more (or anything else online).



Also, this computer sometimes replies to the ICMP ping with redirect host(New Addr: ....) from my computer's IP address.



Why is this doing this? Why are the packets not being forwarded correctly? Why are there so many TCP retransmissions? Why is my computer telling it to talk to somebody else?



For a MITM attack, this sure isn't stealthy.







kali-linux arp






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 5 hours ago









iAdjunctiAdjunct

1,435917




1,435917













  • If you are testing the switch, you really should be listening for the traffic on all ports of the switch. My best guess is that both your Kali and the intended destination are answering the ARP, the switch gets confused and transfers some packets to your Kali and some to the real destination, and hence the retransmissions. And yes, ICMP redirects are fun. ARP spoofing isn't that easy...

    – dirkt
    41 mins ago



















  • If you are testing the switch, you really should be listening for the traffic on all ports of the switch. My best guess is that both your Kali and the intended destination are answering the ARP, the switch gets confused and transfers some packets to your Kali and some to the real destination, and hence the retransmissions. And yes, ICMP redirects are fun. ARP spoofing isn't that easy...

    – dirkt
    41 mins ago

















If you are testing the switch, you really should be listening for the traffic on all ports of the switch. My best guess is that both your Kali and the intended destination are answering the ARP, the switch gets confused and transfers some packets to your Kali and some to the real destination, and hence the retransmissions. And yes, ICMP redirects are fun. ARP spoofing isn't that easy...

– dirkt
41 mins ago





If you are testing the switch, you really should be listening for the traffic on all ports of the switch. My best guess is that both your Kali and the intended destination are answering the ARP, the switch gets confused and transfers some packets to your Kali and some to the real destination, and hence the retransmissions. And yes, ICMP redirects are fun. ARP spoofing isn't that easy...

– dirkt
41 mins ago










0






active

oldest

votes












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1427839%2fkali-mitm-results-in-tcp-retransmissions-abound%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1427839%2fkali-mitm-results-in-tcp-retransmissions-abound%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...