Intenté realizar un ataque MITM en mi red. Activé ettercap
, marcé mi enrutador como TARGET1 y mi segunda computadora como TARGET2. Entonces habilité 'ARP Spoofing'.
No sé por qué, pero después de esta operación mi víctima perdió la conexión a Internet. No veo nada en urlsnarf
. Parece que ambos lados de mi plan se conocen, hay algunos problemas: a continuación, publico los resultados de la captura de Wireshark.
Mi pregunta es? ¿Qué hago mal? ¿Qué debo mejorar para hacer un buen ataque MITM? Para este ataque utilicé una tarjeta Wi-Fi externa, también tengo una interfaz más integrada (estaba conectada a la misma red). He habilitado el reenvío de ipv4 ( cat /proc/sys/net/ipv4/ip_forward
== 1).
Resultados de la captura de Wireshark:
No. Time Source Destination Protocol Length Info
9 0.582284000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 9: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
10 0.582393000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 10: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 9)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 9)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
118 10.582643000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 118: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
119 10.582701000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 119: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 118)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 118)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
140 20.582933000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 140: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
141 20.582995000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 141: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 140)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 140)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
171 30.583194000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 171: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
172 30.583261000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 172: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 171)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 171)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
185 40.583479000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 185: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
186 40.583543000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 186: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 185)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 185)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
330 50.583765000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 330: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
331 50.583831000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 331: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 330)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 330)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
333 51.601767000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 Who has 192.168.0.1? Tell 192.168.0.101
Frame 333: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)
No. Time Source Destination Protocol Length Info
334 51.602934000 Tp-LinkT_8c:13:50 Tp-LinkT_21:e9:30 ARP 42 192.168.0.1 is at [ROUTER MAC]
Frame 334: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1728 60.584062000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1728: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1729 60.584131000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1729: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1728)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1728)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1849 70.584400000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1849: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1850 70.584480000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1850: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1849)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1849)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1896 80.584691000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1896: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1897 80.584765000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1897: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1896)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1896)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1932 90.584985000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1932: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1933 90.585049000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1933: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1932)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1932)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1946 100.585252000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1946: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1947 100.585312000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1947: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1946)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1946)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1992 110.585539000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 1992: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
1993 110.585597000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 1993: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1992)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1992)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
2054 120.585783000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 192.168.0.100 is at [ATTACKER MAC]
Frame 2054: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
2055 120.585833000 Tp-LinkT_21:e9:30 AsustekC_a7:27:9a ARP 42 192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)
Frame 2055: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 2054)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 2054)]
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Length Info
2061 124.609742000 Tp-LinkT_21:e9:30 Tp-LinkT_8c:13:50 ARP 42 Who has 192.168.0.1? Tell 192.168.0.101
Frame 2061: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)
No. Time Source Destination Protocol Length Info
2062 124.610917000 Tp-LinkT_8c:13:50 Tp-LinkT_21:e9:30 ARP 42 192.168.0.1 is at [ROUTER MAC]
Frame 2062: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)