I'm trying to understand mitm by arp poisoning. To do so I'm practicing on the network I manage:
- attacker : IPA
- victim : IPC
- gateway : IPG
I use nighthawk, and kali linux (via virtual box).
I can poison the victim by using arpspoof under kali linux. arp -a
on victim confirms the MAC replacement for the gateway.
but I never can setup a mitm attack because:
- my gateway (IPG) is a TG670s
- when I start poisoning it, the victim becomes to receive arp message:
IPG ask who is IPC
- that kills my poisoning on IPC
I think this is a defense mechanism of the gateway, but I can't find article on this mechanism (send a query on unsolicited answer).
Is my guess correct ? Or do I miss something ?