alandau / arpspoof

A simple ARP spoofer for Windows

Wireshark cannot see the ARP spoofing packets #22

Closed william1357chen closed 2 years ago

william1357chen commented 2 years ago

Hi, I've been testing the executable on Windows 10 x64 and everything is working as expected. The only confusion I have is that Wireshark cannot sniff the fake ARP replies (opcode==2) sent by the host. I can confirm that the router's ARP table is poisoned, but cannot see the ARP replies that actually poisoned the router on Wireshark. Do you happen to know the reason for this?

alandau commented 2 years ago

The tool is sending ARP requests (opcode 1) not replies (opcode 2), which could be the reason you're not seeing packets if you're filtering on opcode==2. Just tried it and I DO see the spoofing request packets in Wireshark.
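
A defender's view of the point above, as an added example that is not part of the original thread or of the arpspoof code: RFC 826 has a receiver update an existing table entry from the sender fields before it looks at the opcode, so a monitor that tracks IP-to-MAC bindings has to read requests as well as replies. All addresses, frames and function names below are constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806

def build_arp(op, sha, spa, tha, tpa):
    """Build a sample Ethernet+ARP frame from text addresses (test input only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    eth = b"\xff" * 6 + mac(sha) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def binding_changes(frames, opcodes=(1, 2)):
    """Flag frames whose sender IP was earlier seen with a different sender MAC."""
    seen, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] not in opcodes:
            continue
        op, mac, ip = parsed
        if ip in seen and seen[ip] != mac:
            alerts.append((index, op, ip, seen[ip], mac))
        seen[ip] = mac
    return alerts

# Constructed capture: every address here is made up for this example.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:50", "02:00:00:00:00:66"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(2, GW, "192.168.1.1", HOST, "192.168.1.50"),     # ordinary reply
    build_arp(1, HOST, "192.168.1.50", ZERO, "192.168.1.1"),   # ordinary request
    build_arp(1, OTHER, "192.168.1.50", ZERO, "192.168.1.1"),  # request reusing HOST's IP
]

if __name__ == "__main__":
    print("requests and replies:", binding_changes(SAMPLE))
    print("replies only:        ", binding_changes(SAMPLE, opcodes=(2,)))
```

With both opcodes inspected, the third frame is flagged as a binding change for 192.168.1.50; restricted to opcode 2, the same capture produces no alert.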

william1357chen commented 2 years ago

Ohhh interesting, I've never encountered an implementation of ARP spoofing that only uses ARP requests to spoof ARP tables. One last question, I am curious as to the reason for only supporting Ethernet. What would be the difference between ARP spoofing on an Ethernet interface and a WiFi interface?

alandau commented 2 years ago

Frankly, I don't remember why I used requests and not replies... Re Ethernet, why do you say it only supports Ethernet? It does support WiFi, as there's no difference as far as ARP is concerned.

william1357chen commented 2 years ago

Just that line 375 in arpspoof.cpp mentions that "This program works only on Ethernet networks.\n" Am I confused with what you were trying to do?

alandau commented 2 years ago

This is just filtering out non-Ethernet-like network adapters, such as VPN, etc. (i.e., those not using ARP). WiFi looks exactly like Ethernet (as far as this check is concerned) and works just as well.
