CEH

(Jeff_L) #1

Understanding Session Hijacking



  1. Now you’re good to go on the traffic capture. You are able to capture the ICMP packets
    traversing the network and are ready to have some fun. Use the arpspoof utility in your
    BackTrack distribution to poison the victim’s ARP cache. The syntax for the command
    is arpspoof [-i interface] [-t target] host. Recall that with an MITM attack,
    you are attempting to funnel all traffic through your machine. With that in mind, you
    will use arpspoof on your Windows XP client. The command is arpspoof -i eth0 -t
    192.168.1.4 192.168.1.5.

  2. Now you have your Windows XP client thinking you are the Windows 7 client. Now, take
    a quick look at your Wireshark screen to see what kind of traffic is being captured. You
    should see some ARP broadcasts with some interesting mappings.

  3. So far you have poisoned the ARP cache of the Windows XP client and have verified via
    Wireshark that your broadcasts are being sent. Excellent; now move to the Windows 7
    client and perform the same process, just in reverse. The command is arpspoof -i
    eth0 -t 192.168.1.5 192.168.1.4.
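
The "interesting mappings" from step 2 are also what a defender looks for. The following is an added example, not part of the original text: it scans ARP replies for an IP address that moves to a new MAC and for one MAC that claims several IPs. The sample lines are constructed in the style of `tcpdump -n arp` output, the MAC addresses are made up, and `find_arp_anomalies` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample (not a real capture). 192.168.1.4 and 192.168.1.5 are the
# lab hosts from the steps above; the MACs use the documentation range.
SAMPLE = """\
10:00:01.000000 ARP, Reply 192.168.1.4 is-at 00:00:5e:00:53:04, length 28
10:00:02.000000 ARP, Reply 192.168.1.5 is-at 00:00:5e:00:53:05, length 28
10:00:09.000000 ARP, Reply 192.168.1.5 is-at 00:00:5e:00:53:66, length 28
10:00:11.000000 ARP, Reply 192.168.1.5 is-at 00:00:5e:00:53:66, length 28
10:00:15.000000 ARP, Reply 192.168.1.4 is-at 00:00:5e:00:53:66, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

def find_arp_anomalies(text):
    """Return alerts as (time, kind, ip, mac, detail) tuples, in capture order."""
    baseline = {}               # ip -> first MAC seen (assumes a clean start)
    claimed = defaultdict(set)  # mac -> every IP that MAC has claimed
    alerts, reported = [], set()
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue            # skip anything that is not an ARP reply
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        known = baseline.setdefault(ip, mac)
        # An IP answered by a different MAC than before: possible cache poisoning
        # (also triggered by legitimate changes such as a replaced NIC).
        if mac != known and ("rebind", ip, mac) not in reported:
            reported.add(("rebind", ip, mac))
            alerts.append((ts, "rebind", ip, mac, known))
        # One MAC answering for several IPs: typical of a host placing itself
        # between two peers, as in steps 1 and 3.
        claimed[mac].add(ip)
        if len(claimed[mac]) > 1 and ("multi-ip", mac) not in reported:
            reported.add(("multi-ip", mac))
            alerts.append((ts, "multi-ip", ip, mac, sorted(claimed[mac])))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(alert)
```

The baseline here is simply the first binding observed, so the check is only meaningful if monitoring starts before any poisoning does.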
