
#1 2011-04-27 10:09:19

gizmo005
Member
Registered: 2009-05-24
Posts: 37

arpspoof freezing my traffic

Hey guys, I'm trying to set up arpspoof on my home network to scan torrent traffic.
ATM I've just been targeting my touchpad with Ubuntu installed on it. When I set it all up and start sniffing for URL traffic with urlsnarf, my touchpad cannot load a webpage or send a ping request, though I can pick up my own traffic. I was thinking it might be ip_forwarding, so I set up IP forwarding and turned off iptables, but I'm still getting the same problem hmm

arpspoof setup

sudo arpspoof -t 192.168.3.1 192.168.3.2 &
sudo arpspoof -t 192.168.3.2 192.168.3.1 &

sudo urlsnarf

My ip_forwarding

cat /proc/sys/net/ipv4/ip_forward
1

Am I doing something wrong or have I missed something?

Last edited by gizmo005 (2011-04-27 10:10:25)


#2 2011-04-27 13:08:05

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: arpspoof freezing my traffic

What is the output of `iptables -nvL`?

You may need to sniff some traffic with tcpdump:

tcpdump -lnn -i eth0 \(arp or tcp port 80\) and \(host 192.168.3.1 or host 192.168.3.2\)

Last edited by fukawi2 (2011-04-27 13:08:26)
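
Added example, not part of any post in this thread: a Python check that reads the text output of a tcpdump capture like the one above and flags ARP replies in which an IP moves to a new MAC or one MAC claims several IPs, which is how ARP spoofing between 192.168.3.1 and 192.168.3.2 shows up on the wire. The sample lines and MAC addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Matches the ARP reply lines that tcpdump -nn prints (without -e).
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed sample capture; the MAC addresses are made up for illustration.
SAMPLE_CAPTURE = """\
10:09:01.000100 ARP, Request who-has 192.168.3.1 tell 192.168.3.2, length 28
10:09:01.000300 ARP, Reply 192.168.3.1 is-at 00:11:22:aa:aa:01, length 28
10:09:02.000100 ARP, Reply 192.168.3.2 is-at 00:11:22:bb:bb:02, length 28
10:09:19.500000 ARP, Reply 192.168.3.2 is-at 00:11:22:cc:cc:03, length 28
10:09:19.500400 ARP, Reply 192.168.3.1 is-at 00:11:22:cc:cc:03, length 28
10:09:21.500000 ARP, Reply 192.168.3.2 is-at 00:11:22:cc:cc:03, length 28
"""


def find_arp_anomalies(capture_text):
    """Return (rebinds, shared) for the ARP replies in tcpdump text output.

    rebinds: list of (ip, old_mac, new_mac), one per change of an IP's MAC.
    shared:  dict mac -> sorted list of IPs, for MACs claiming several IPs.
    """
    current = {}                 # ip -> MAC most recently claimed for it
    claimed = defaultdict(set)   # mac -> every IP it has claimed
    rebinds = []
    for line in capture_text.splitlines():
        match = ARP_REPLY.search(line)
        if not match:
            continue             # ARP requests, TCP lines, blank lines
        ip, mac = match["ip"], match["mac"].lower()
        previous = current.get(ip)
        if previous is not None and previous != mac:
            rebinds.append((ip, previous, mac))
        current[ip] = mac
        claimed[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return rebinds, shared


if __name__ == "__main__":
    rebinds, shared = find_arp_anomalies(SAMPLE_CAPTURE)
    for ip, old, new in rebinds:
        print(f"{ip} moved from {old} to {new}")
    for mac, ips in shared.items():
        print(f"{mac} claims {', '.join(ips)}")
```

A MAC answering for several IPs can also be legitimate (interface aliases, for example), so a hit is a reason to look at the host behind that MAC rather than proof of spoofing.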


#3 2011-04-28 01:59:13

gizmo005
Member
Registered: 2009-05-24
Posts: 37

Re: arpspoof freezing my traffic

My iptables output

[lightning@Dark-Lightning ~]$ sudo iptables -nvL
Password: 
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 325K   21M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   53  2296 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID 
 351K  398M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 ctstate NEW 
10394  840K UDP        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate NEW 
11628  576K TCP        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 ctstate NEW 
10394  840K REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
11628  576K REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 642K packets, 117M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain TCP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22556 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22556 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25565 

Chain UDP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:22556 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:25565 

It still does not work even when using tcpdump.

I'm thinking the packets are not going through my computer like I want them to.

Can anyone tell me if I have ip_forwarded my computer right?

Last edited by gizmo005 (2011-04-28 07:56:06)


#4 2011-04-28 08:05:49

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: arpspoof freezing my traffic

gizmo005 wrote:

Can anyone tell me if I have ip_forwarded my computer right?

According to the documentation I saw on the arpspoof website, you need to have ip_forward enabled, but your iptables rules are wrong for this.

Your FORWARD policy is to DROP packets:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

You need to allow this traffic by either changing the policy (or adding rules to allow the traffic):

iptables -P FORWARD ACCEPT


#5 2011-04-30 01:06:10

gizmo005
Member
Registered: 2009-05-24
Posts: 37

Re: arpspoof freezing my traffic

Thank you

But if I stop iptables won't it still have the same effect?
I'll add the rules in anyway and read up on them.

Now would I have to put anything in my hosts file or hosts.allow?
I still don't really understand how Arch networking all works.
Do you know a reference guide I could google up?

Last edited by gizmo005 (2011-04-30 01:11:30)
