1

I fail to understand how a MITM attack sniffs packets and modifies them. In the case of ARP spoofing, although the attacker has spoofed the MAC address of a host, how does he modify it? Does he listen to the message between the sender and destination and, after the message is delivered to the destination, send a gratuitous ARP reply? When does he know the message was delivered to the destination?

1 Answer

2

Generally, to perform a MITM attack between A & B, you must apply 3 steps:

  1. Trick A into thinking you're B
  2. Trick B into thinking you're A
  3. Enable packet forwarding

To answer your question, there are 3 types of ARP packets: the normal send and reply packets, and gratuitous packets.

Using gratuitous packets, the attacker can modify or 'poison' the targets' cache, so he can trick both A & B and stay in their ARP tables as a legitimate part of the connection.

Note that this kind of attack can be stopped using certain switches that are able to sniff the network for gratuitous ARP packets and re-send the correct data through the network.

Eibo
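The defence mentioned at the end of the answer, watching ARP traffic for packets that contradict known bindings, can be shown in a few lines. This is an added example, not part of the original answer: a Python monitor that parses ARP frames, learns IP-to-MAC bindings, and reports gratuitous or unsolicited replies that try to change one. The class and function names, the MAC addresses and the 192.0.2.x addresses are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[22:28]), _ip(frame[28:32]), _ip(frame[38:42])

class ArpMonitor:
    """Learns IP-to-MAC bindings and reports ARP packets that contradict them."""
    def __init__(self):
        self.bindings = {}
    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == "0.0.0.0":      # ARP probes carry no binding
            return None
        op, smac, sip, tip = parsed
        known = self.bindings.setdefault(sip, smac)       # first sighting is learned
        if known == smac:
            return None
        # Conflict: keep the original binding and report instead of overwriting it.
        return {"ip": sip, "expected": known, "seen": smac, "gratuitous": sip == tip}

def sample_frame(op, smac, sip, tmac, tip):
    """Build a constructed 42-byte ARP frame for the demo (not captured traffic)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return (b"\xff" * 6 + raw(smac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + raw(smac) + addr(sip) + raw(tmac) + addr(tip))

def run_demo():
    A, B, X = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"
    zero = "00:00:00:00:00:00"
    frames = [
        sample_frame(1, A, "192.0.2.10", zero, "192.0.2.20"),  # A asks for B
        sample_frame(2, B, "192.0.2.20", A, "192.0.2.10"),     # B answers
        sample_frame(2, X, "192.0.2.20", zero, "192.0.2.20"),  # gratuitous: B's IP at X
        sample_frame(2, X, "192.0.2.10", B, "192.0.2.20"),     # unsolicited reply: A's IP at X
    ]
    mon = ArpMonitor()
    return [a for a in map(mon.observe, frames) if a], mon.bindings

if __name__ == "__main__":
    for alert in run_demo()[0]:
        print(alert)
```

The monitor trusts the first binding it sees, which is an assumption of this example; seeding `bindings` from static entries or DHCP lease data avoids learning a poisoned entry first.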