Arp-request sniffing

joconnor

Dec 17, 2004
Archived from groups: alt.internet.wireless

Hi all,

I've been looking into some packet injection techniques and have read
that the best packets to inject into a network to increase traffic are
arp-requests. I have so far built up a 100Mb file of traffic and on
filtering for arp-requests with ethereal there isn't a single
arp-request packet. Is this typical? And can I somehow force arp-requests
by maybe forcing dis-associations on the network?
Regards
joconnor


Guest

On Thu, 16 Dec 2004 20:45:37 GMT, joconnor
<joconnor.1hdk0y@WiFi-Forum_dot_com> wrote:

>I've been looking into some packet injection techniques and have read
>that the best packets to inject into a network to increase traffic are
>arp-requests.

What? Packet injection as in spoofing? Arping is a method of faking
a response as to which machine owns an IP address. It's commonly used
to create a "man in the middle" type of security nightmare. If this
is what you're planning to do, please turn yourself in to the nearest
federal anti-terrorism agency for re-education in proper use of
internet protocols.

>I have so far built up a 100Mb file of traffic and on
>filtering for arp-requests with ethereal there isn't a single
>arp-request packet. Is this typical? And can I somehow force arp-requests
>by maybe forcing dis-associations on the network?

First, check if ARP decoding is enabled.
Analyze -> Enabled Protocols -> ARP

You can generate an ARP request by pinging a new IP address on your
LAN. It doesn't have to be a real device, just one that's not in the
current arp cache:
arp -a
Yep. It works. Just ping any non-existent IP address in your Class C
IP LAN block.

Frame 2 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:02:b3:1e:39:ed, Dst: 00:0c:41:71:36:30
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: 216.239.63.104 (216.239.63.104)
Transmission Control Protocol, Src Port: 1068 (1068), Dst Port: http (80), Seq: 0, Ack: 1, Len: 0

No.  Time      Source        Destination  Protocol  Info
3    4.503801  192.168.1.10  Broadcast    ARP       Who has 192.168.1.99? Tell 192.168.1.10


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
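
Added example (not part of the original posts): a small Python reader for classic pcap files that lists ARP requests in the same "Who has X? Tell Y" form as the Ethereal summary line above, so a saved capture can be checked without the GUI. The sample capture is constructed from the addresses quoted in the reply; `arp_requests` and `build_sample` are hypothetical names, and only Ethernet link-type captures are handled.

```python
import socket
import struct

def arp_requests(pcap_bytes):
    """Return (frame_no, sender_ip, target_ip) for each ARP request in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:  # 1 = Ethernet; 802.11 monitor-mode captures use other values
        raise ValueError(f"link type {linktype} is not Ethernet")
    found, offset, frame_no = [], 24, 0
    while offset + 16 <= len(pcap_bytes):
        # Per-record header: ts_sec, ts_usec, captured length, original length
        caplen = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        frame_no += 1
        if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
            continue
        if frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
            continue
        # Hardware type, protocol type, address lengths, opcode (1 = request)
        if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 1):
            continue
        sender_ip = socket.inet_ntoa(frame[28:32])
        target_ip = socket.inet_ntoa(frame[38:42])
        found.append((frame_no, sender_ip, target_ip))
    return found

def build_sample():
    """Constructed two-frame capture using the addresses quoted in the thread."""
    src = bytes.fromhex("0002b31e39ed")
    gw = bytes.fromhex("000c41713630")
    ip_frame = gw + src + b"\x08\x00" + bytes(40)  # 54-byte IPv4 placeholder frame
    arp = (b"\xff" * 6 + src + b"\x08\x06"
           + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
           + src + socket.inet_aton("192.168.1.10")
           + bytes(6) + socket.inet_aton("192.168.1.99"))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in (ip_frame, arp):
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for no, sender, target in arp_requests(build_sample()):
        print(f"{no}  ARP  Who has {target}? Tell {sender}")
```

A capture with no ARP requests returns an empty list, and a non-Ethernet link type raises `ValueError` instead of silently reporting zero matches.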