search

alandau / arpspoof

A simple ARP spoofer for Windows
330 stars 67 forks source link

Arpspoof causing connection time out and destination host unreachable #3

Closed DMCK96 closed 6 years ago

DMCK96 commented 6 years ago

Okay so both PCs are my own (we'll call one PC and one laptop). Laptop is the one with arpspoof trying to listen to PCs packets.

  1. PC and Laptop can both ping eachother.
  2. Arpspoof to PC and the result is "Cannot resolve victim IP"
  3. Ping from PC to laptop now returns Timed Out.
  4. Ping form laptop to PC now returns Destination Host Unreachable
  5. After about 5 - 10 seconds both PC and Laptop can ping eachother again.

Those steps just keep repeating themselves. IP Routing is enabled on my PC, both firewalls completely disabled and no other security software is installed on either PC or Laptop.

alandau commented 6 years ago

Can you show a full trace of the commands you're running and their output?

When arpspoof says it can't resolve the victim's IP, it hasn't done any spoofing yet. It's just the function ResolveIpNetEntry2 that failed. I don't see how this can cause pings to fail.

Do note that I haven't tested with IP Routing enabled.

DMCK96 commented 6 years ago

This is from the host (laptop)

C:\Windows\system32>ping 100.76.109.1

Pinging 100.76.109.1 with 32 bytes of data:
Reply from 100.76.109.1: bytes=32 time=5ms TTL=128
Reply from 100.76.109.1: bytes=32 time=4ms TTL=128
Reply from 100.76.109.1: bytes=32 time=2ms TTL=128
Reply from 100.76.109.1: bytes=32 time=3ms TTL=128

Ping statistics for 100.76.109.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 5ms, Average = 3ms

C:\Windows\system32>arpspoof.exe 100.76.109.1
Resolving victim and target...
Can't resolve victim IP, is it up?

C:\Windows\system32>ping 100.76.109.1

Pinging 100.76.109.1 with 32 bytes of data:
Reply from 100.76.108.244: Destination host unreachable.
Reply from 100.76.108.244: Destination host unreachable.
Reply from 100.76.108.244: Destination host unreachable.
Reply from 100.76.108.244: Destination host unreachable.

Ping statistics for 100.76.109.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

// Everything below here happens after the last ping in the next code block

C:\Windows\system32>ping 100.76.109.1

Pinging 100.76.109.1 with 32 bytes of data:
Reply from 100.76.109.1: bytes=32 time=3ms TTL=128
Reply from 100.76.109.1: bytes=32 time=2ms TTL=128
Reply from 100.76.109.1: bytes=32 time=2ms TTL=128
Reply from 100.76.109.1: bytes=32 time=5ms TTL=128

Ping statistics for 100.76.109.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 5ms, Average = 3ms

This is from the PC (victim)

C:\WINDOWS\system32>ping 100.76.108.244

Pinging 100.76.108.244 with 32 bytes of data:
Reply from 100.76.108.244: bytes=32 time=70ms TTL=128
Reply from 100.76.108.244: bytes=32 time=104ms TTL=128
Reply from 100.76.108.244: bytes=32 time=42ms TTL=128
Reply from 100.76.108.244: bytes=32 time=87ms TTL=128

Ping statistics for 100.76.108.244:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 104ms, Average = 75ms

// Everything below happens after "Destination Host Unreachable." in the previous code block.

C:\WINDOWS\system32>ping 100.76.108.244

Pinging 100.76.108.244 with 32 bytes of data:
Request timed out. 
Reply from 100.76.108.244: bytes=32 time=63ms TTL=128
Reply from 100.76.108.244: bytes=32 time=105ms TTL=128
Reply from 100.76.108.244: bytes=32 time=48ms TTL=128

Ping statistics for 100.76.108.244:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 105ms, Average = 72ms
alandau commented 6 years ago

arpspoof by definition works only inside one subnet. Are both computers on the same subnet?

From the IP addresses used and the latency between the two, it seems like not. It looks like the two computers are behind ISP's Carrier Grade NAT or some VPN. This would explain the Can't resolve victim IP, is it up? error. I think ping not working afterwards is some side effect not directly related to the main problem.

What is the netmask used on both computers (ipconfig /all)? Can you ping each other while setting the TTL to 1? ping -i 1 <ip>? How does the network look between the two computers? (e.g. directly connected to the same switch, located at two different places connected to the same ISP, etc.)

simonmy commented 6 years ago

I am getting the issue of can´t find the interface(explicitly specified or matching victim IP)

I´ve tried everything I could think of but nothing solved it. I am quite sure I got the right ip

alandau commented 6 years ago

@simonmy: Do you think it's the same issue as discussed here? If so, why? If not, please open a separate issue. I'll need your --list output and a description of your network topology and what you're trying to do.

alandau commented 6 years ago

Please reopen if you still have issues

rifkichaplin commented 6 years ago

I think you need to allow your windows policy to make forward the traffic. for e.g on Linux you need run command for allowed "#echo 1 > /proc/sys/net/ipv4/ip_forward"