Title: Arp Spoofing Video Follow Along

By: Elohimus
Date: 11/15/04

Some people were giving me feedback on my video tutorials and some of them menti
oned that they had no idea what was going on during the movie, so I decided for
this one I would write a small follow along tutorial so everyone knows what exac
tly I am doing.

1) I start off by opening Cain and Abel since it is the program I am going to be
using to ARP Spoof and to Packet Sniff. I select the NIC I am going to begin us
ing and then I start the sniffing service.
2) Next I scan the subnet to find all of the computer on it that have a MAC addr
ess. I see that 192.168.2.1 and 192.168.2.5 are in the list. 192.168.2.1 is my r
outer, and 192.168.2.5 is my *nix box.
3) I then open the window that allows me to select the router I am going to be i
mitating (192.168.2.1) and then computer(s) that I will be my targets (192.168.2
.5).
4) Next I am showing everyone that I have no passwords already loaded into my sn
iffer, it's like the "There is nothing up my sleeve routine"
5) After that I select to start the ARP Spoofing service, and as you can see und
er status it changed from "idle" to "poisoning"
6) I log into my *nix box (192.168.2.5, which is my target) and I go to the webs
ite deviantart. Immediately you are able to see the packet activity on the lower
window in Cain and Abel.
7) I log into the deviantart website with a username and password, and I sucessf
ully log in.
8) I exit out of my *nix box and go to see that it logged the password through m
y router.

Extras:
ARP Spoofing is done by tricking the target computer into thinking that you are
the router. It sends it's packets to you, and you send them to the router. The r
outer then sends them to the destination. When the destination sends them back (
deviantart in this case), the router sends it back to you, and you route the pac
kets to the target computer.
A model would be: Target Computer -> Attacker -> Router -> Destination (d
eviant art) and then
Destination -> Router -> Attacker -> Target Computer

There are two types of modes while ARP Spoofing through: Full-Routing and Half-R
outing

Full-Routing: This waits for the replied (incoming) packets from the destination
 before it sniffs the packets, this helps to make sure that you aren't sniffing
a mispelled password.
Half-Routing: This sniffs the sent (outgoing) packets from the destination, some
times this could be a problem because the person might not type in the password
correctly.
Hope everyone enjoyed the movie and the tutorial. More are on their way.

Shouts: Scytzo, Woody, Rake, StreetSmart, Zombie, Milamber, Glycol, Mattman, Wes
twood, and SwiftDeath