ARP Poisoning, Continued

By Pat McKenna, published on March 28, 2006
Source: Tom's Guide US

To get into the path between these two machines I need to identify the actual address information of each, which can be achieved by sending a PING to each machine. At this point, my machine information is as follows:

Now, I generate an ARP reply to each target machine - irrespective of whether their machine actually made an ARP request - causing the cache on each machine to be updated with the information that I send to it.


I have "poisoned" the ARP cache in both PC-A and PC-B so that PC-A thinks that I am PC-B, and PC-B thinks that I am PC-A. What we have just described is called ARP Poisoning, and it effectively allows me to be the Man in the Middle (MITM), intercepting all traffic between PC-A and PC-B.
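
Seen from the defender's side, the behaviour described above leaves three observable traces on the segment: ARP replies that nobody requested, an IP address whose MAC suddenly changes, and one MAC claiming two IP addresses. The following Python monitor is an added example, not code from the original article; the names `parse_arp`, `ArpWatch`, `sample_frame` and `replay`, and all addresses and frames in `SAMPLE`, are constructed for illustration.

```python
import socket, struct

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for Ethernet/IPv4 ARP, else None."""
    if (len(frame) < 42 or frame[12:14] != b"\x08\x06"      # EtherType 0x0806 = ARP
            or struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4)):
        return None
    op, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpWatch:  # passive monitor: only inspects frames handed to observe()
    def __init__(self):
        self.bindings = {}    # sender IP -> last MAC seen claiming it
        self.pending = set()  # (requester IP, requested IP) still awaiting a reply

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        op, mac, sip, tip = parsed
        alerts = []
        if op == 1:                                   # request: remember who asked
            self.pending.add((sip, tip))
        elif op == 2:                                 # reply: did the target ask for it?
            if (tip, sip) not in self.pending:
                alerts.append(f"unsolicited reply: {sip} is-at {mac}, sent to {tip}")
            self.pending.discard((tip, sip))
        old = self.bindings.get(sip)
        if old not in (None, mac):
            alerts.append(f"binding changed: {sip} was {old}, now {mac}")
        shared = sorted(ip for ip, m in self.bindings.items() if m == mac and ip != sip)
        if shared:
            alerts.append(f"MAC {mac} also claims {', '.join(shared)}")
        self.bindings[sip] = mac
        return alerts

def sample_frame(op, sha, spa, tha, tpa):  # constructed in memory for the demo, never sent
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (mac(tha) + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))

A, B, X = ("02:00:00:00:00:0a", "192.0.2.10"), ("02:00:00:00:00:0b", "192.0.2.20"), "02:00:00:00:00:66"
SAMPLE = [sample_frame(1, *A, "ff:ff:ff:ff:ff:ff", B[1]),   # PC-A asks who has PC-B
          sample_frame(2, *B, *A),                          # PC-B's genuine answer
          sample_frame(2, X, B[1], *A),                     # third MAC claims PC-B's IP
          sample_frame(2, X, A[1], *B)]                     # third MAC claims PC-A's IP

def replay(frames):
    watch = ArpWatch()
    return [watch.observe(f) for f in frames]
```

Calling `replay(SAMPLE)` returns no alerts for the genuine request and reply, and alerts for both later replies. Gratuitous ARP, DHCP reassignment and failover pairs produce the same signals legitimately, so alerts need to be checked against known address assignments.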

What's required for the job? A few simple programs: PING, ARP, NMAP (if you are not sure of the machine that you need to target) and a packet injection program such as NEMESIS or ETTERCAP. An informative resource describing the process for techies can be found here.

The above book also has a very concise description of the process, and the diagrams above were inspired by its content.

Both of these resources require a level of technical knowledge. If you use the techniques without knowing the potential pitfalls, or do so illegally, then you should expect someone to get upset with you when your network segment crashes, or you are reported for unethical activity. You've been warned!
