http://qs321.pair.com?node_id=817446


in reply to Re^2: ARP Poisoning (somewhat OT)
in thread ARP Poisoning

This node falls below the community's threshold of quality. You may see it by logging in.

Replies are listed 'Best First'.
Re^4: ARP Poisoning (somewhat OT)
by tirwhan (Abbot) on Jan 14, 2010 at 18:36 UTC

    Sigh..all right, I've really run out of patience with you, but to end this off on a semi-helpful note I'll reply briefly. Read this, then read my post above again, think about it, read a book and maybe you'll get it.

    ARP poisoning is the act of broadcasting malicious reply packets
    s/is the act of broadcasting/amongst other things requires sending/;
    my code does this very happily and in a very legitimate sort of way

    No, it does this in the dumbest and least efficient way possible.

    checked it using the tcpdump sniffer

    Hint: tcpdump does not explain the whole packet to you, you won't actually see the ARP payload unless you manually inspect the packet content yourself (it shows you the Ethernet frame data, which is not necessarily the same as the ARP payload).

    it does update the MAC address of the gateway

    Newsflash: just because it works on your router, doesn't mean it'll work on others.

    Oh, and I thought this was your network administrator's router? You know, the one who was so happy you notified him of this "vulnerability"...don't bother replying, I won't.


    All dogma is stupid.