Closed william1357chen closed 2 years ago
I won't be able to reproduce this issue soon. In the meantime, could you give our arpcachepoison() function a try?
The arpcachepoison() function uses ARP requests (who-has) instead of replies, which does indeed solve the issue, but I have discovered other problems associated with using ARP requests, such as packet loss.
Thanks. Let's move this discussion to gitter as this is not a Scapy issue.
Brief description
There is an issue with using scapy to send ARP replies (opcode=2) in Windows 10 Ethernet. The outgoing packets change the ARP cache of the host, resulting in a messed-up ARP cache when performing tasks like ARP poisoning.
Where this issue happens:
This issue does not happen on:
Haven't tested:
Please let me know if anyone can reproduce this issue and it's not just my PC. I believe that this is an issue because, if this is not an issue, why does it only happen on Windows 10 with Ethernet adapters?
Scapy version
2.4.3 and 2.4.5
Python version
3.8 and 3.9
Operating system
Windows 10 Pro
Additional environment information
ARP poisoning
Here's an example of what happens when running ARP poisoning on Windows 10 Ethernet:
When sending ARP spoof replies to gateway, we have
When sending ARP spoof replies to target, we have:
This changes the ARP cache from the correct entries:
To incorrect entries:
This means that:
How to reproduce
Run this ARP poisoning script on Windows 10 Ethernet. Make sure that conf.iface is an Ethernet NIC. Also, make sure to change the gateway_ip and target_ip according to your network. After running this script, run arp -a to check your ARP table. Run for 30 seconds if you don't see results immediately.
Actual result
No response
Expected result
No response
Related resources
No response
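One way to make the arp -a check from the reproduction steps repeatable, as an added example that is not part of the original issue or of Scapy: it parses two Windows arp -a snapshots and reports entries whose MAC changed and MACs that several IPs resolve to. The snapshot text, all addresses and the function names are constructed for illustration and do not reproduce the reporter's output.

```python
import re

# One row of Windows `arp -a` output: IP address, dash-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")

# Constructed snapshots (not the reporter's output): taken before and after a test run.
BEFORE = """\
Interface: 192.168.1.10 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-01     dynamic
  192.168.1.20          00-11-22-33-44-20     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
AFTER = """\
Interface: 192.168.1.10 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-99     dynamic
  192.168.1.20          00-11-22-33-44-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

def parse_arp_table(text):
    """Return {ip: mac} for the dynamic entries; static rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def changed_entries(before, after):
    """Return sorted (ip, old_mac, new_mac) for IPs whose MAC differs."""
    return sorted((ip, before[ip], after[ip])
                  for ip in before.keys() & after.keys()
                  if before[ip] != after[ip])

def shared_macs(table):
    """Return {mac: [ips]} for any MAC that more than one IP resolves to."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    old, new = parse_arp_table(BEFORE), parse_arp_table(AFTER)
    print(changed_entries(old, new), shared_macs(new))
```

To use it on a real host, save the arp -a output to text before and after the test run and pass both strings to parse_arp_table().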