I'm poisoning my home network, I was able to do it 1 time. When i tried several more times to poison the wifi network or the cable network the "target" started to lose connectivity in both cases.
Kernel forwarding is enabled, tried with promisc. mode, the problem is not in the slow processing (CPU load is 20-30%), The Gratutious ARP packets are being broadcasted all the time with the spoofed address.
I tried poisoning only the client and poisoning both directions with arpspoof and ettercap - same result. I have experience in networking and Linux but not so experienced with pen testing so maybe I'm missing something.
I'm using low-end tp-link 940 router
Asked
Active
Viewed 200 times
0
Angel
- 11
- 2
-
What do you mean "started" to lose connectivity? Have you used Wireshark on your attacking machine to see what's happening? Also, welcome to Information Security Stack Exchange! – multithr3at3d Apr 21 '20 at 12:47
-
Yes, The DNS query/replay is working, but the TCP traffic is problematic i see a lot of retransmission, so the 'victim' can not connect to anything – Angel Apr 21 '20 at 14:32
-
Hm, we'd probably need more technical detail/output. This type of question may be more appropriate for a forum/discussion format rather than Q&A since there may be a bit of back and forth for troubleshooting. – multithr3at3d Apr 21 '20 at 14:35
-
Yes, you are right. There is a lot of unknown like how devices respond to GARP. and other specific details. I will continue the debuging and if I find a solution I will post it. – Angel Apr 21 '20 at 14:48
1 Answers
1
I have figured it out. The problem was Network Manager, after I have stopped it and ran arpspoof everything worked like a charm. The traffic was flowing without any problem.
Angel
- 11
- 2