Hey guys, I'm trying to set up arpspoof on my home network to scan torrent traffic.
ATM I've just been targeting my touchpad with Ubuntu installed on it. When I set it all up and start sniffing for URL traffic with urlsnarf, my touchpad cannot load a webpage or send a ping request, though I can pick up my own traffic. I was thinking it might be ip_forwarding, so I set up IP forwarding and turned off iptables, but I'm still getting the same problem.
arpspoof setup
sudo arpspoof -t 192.168.3.1 192.168.3.2 &
sudo arpspoof -t 192.168.3.2 192.168.3.1 &
sudo urlsnarf
My ip_forwarding
cat /proc/sys/net/ipv4/ip_forward
1
Am I doing something wrong or have I missed something?
Last edited by gizmo005 (2011-04-27 10:10:25)
What is the output of `iptables -nvL`?
You may need to sniff some traffic with tcpdump:
tcpdump -lnn -i eth0 \(arp or tcp port 80\) and \(host 192.168.3.1 or host 192.168.3.2\)
Last edited by fukawi2 (2011-04-27 13:08:26)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
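The same kind of ARP capture, read from the defender's side, as an added example that is not part of the original thread: it takes `tcpdump -lnn arp` lines and reports any IP answered for by more than one MAC, which is what the two arpspoof processes above produce on the wire. The capture lines and MAC addresses are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -lnn arp` output (not captured from the thread).
# aa:..:01 = router, aa:..:02 = tablet, de:ad:be:ef:00:99 = a third host on the LAN.
sample_capture() {
cat <<'EOF'
10:00:01.000001 ARP, Request who-has 192.168.3.1 tell 192.168.3.2, length 28
10:00:01.000150 ARP, Reply 192.168.3.1 is-at aa:aa:aa:aa:aa:01, length 28
10:00:02.000300 ARP, Reply 192.168.3.2 is-at aa:aa:aa:aa:aa:02, length 28
10:00:03.100000 ARP, Reply 192.168.3.1 is-at de:ad:be:ef:00:99, length 28
10:00:03.100400 ARP, Reply 192.168.3.2 is-at de:ad:be:ef:00:99, length 28
10:00:05.100000 ARP, Reply 192.168.3.1 is-at de:ad:be:ef:00:99, length 28
10:00:07.000000 ARP, Reply 192.168.3.7 is-at aa:aa:aa:aa:aa:07, length 28
EOF
}

# Read tcpdump ARP lines on stdin and print one finding per line:
#   IP_CONFLICT <ip> <mac> <mac>...  an IP answered for by more than one MAC
#   MULTI_IP <mac> <ip> <ip>...      a MAC answering for more than one IP
# MULTI_IP alone can be legitimate (multi-homed router, proxy ARP);
# IP_CONFLICT on the gateway address is the stronger signal.
arp_conflicts() {
    awk '
    $2 == "ARP," && $3 == "Reply" && $5 == "is-at" {
        ip = $4; mac = $6; sub(/,$/, "", mac)
        if (!((ip, mac) in seen)) {          # count each IP/MAC pair once
            seen[ip, mac] = 1
            macs[ip] = macs[ip] " " mac; nmac[ip]++
            ips[mac] = ips[mac] " " ip;  nip[mac]++
        }
    }
    END {
        for (ip in nmac) if (nmac[ip] > 1) print "IP_CONFLICT " ip macs[ip]
        for (mac in nip) if (nip[mac] > 1) print "MULTI_IP " mac ips[mac]
    }' | sort    # awk array order is unspecified, so sort for stable output
}

# Stand-alone run over the constructed sample.
sample_capture | arp_conflicts
```

On a live network the input would come from `tcpdump -lnn -i eth0 arp` piped into `arp_conflicts`, stopped after a sampling window.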
My iptables output
[lightning@Dark-Lightning ~]$ sudo iptables -nvL
Password:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
325K 21M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
53 2296 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
351K 398M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 ctstate NEW
10394 840K UDP udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
11628 576K TCP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 ctstate NEW
10394 840K REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
11628 576K REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 642K packets, 117M bytes)
pkts bytes target prot opt in out source destination
Chain TCP (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22556
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22556
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25565
Chain UDP (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22556
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:25565
It still does not work even when using tcpdump.
I'm thinking the packets are not going through my computer like I want them to.
Can anyone tell me if I have ip_forwarded my computer right?
Last edited by gizmo005 (2011-04-28 07:56:06)
Can anyone tell me if I have ip_forwarded my computer right?
According to the documentation I saw on the arpspoof website, you need to have ip_forward enabled, but your iptables rules are wrong for this.
Your FORWARD policy is to DROP packets:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
You need to allow this traffic by either changing the policy or adding rules to allow the traffic:
iptables -P FORWARD ACCEPT
Thank you
But if I stop iptables won't it still have the same effect?
I'll add the rules in anyway and read up on them.
Now would I have to put anything in my hosts file or hosts.allow?
I still don't really understand how Arch networking all works.
Do you know a reference guide I could google up?
Last edited by gizmo005 (2011-04-30 01:11:30)