Professional Documents
Culture Documents
ARP Poisoning
ARP Poisoning
Suppose that A wants to send a message to C. The message is encapsulated in a TCP segment (for
example) and then in an IP datagram with the destination 222.222.222.222.
Lastly, the datagram has to be encapsulated in a frame (in order to be written on the communication
cable): but, what is the destination MAC address???
ARP PROTOCOL
• Every host has the so-called ARP table in its memory which contains mappings
of IP addresses to MAC addresses.
• It is a well-known cyber attack which corrupts the ARP tables of the two
victims. The attacker sends to the victims ARP replies which associate the IP
addresses of the two victims to the MAC address of the attacker. In this way
the attacker can see all the traffic passing between the two victims (MAN IN
THE MIDDLE).
NORMAL CONDITION (BEFORE THE ATTACK)
BAD CONDITION (AFTER THE ATTACK)
Every packet exchanged between A and B will be actually sent to the attacker C which can see all
the non-encrypted traffic (like passwords typed on an HTTP website) and possibly modify the
payload of the packets!
INSTALL MININET AND XTERM
• Open terminal
• Run: «sudo apt-get install mininet»
• Then, run: «sudo apt-get -y install openvswitch-testcontroller»
• run: «sudo apt-get install xterm»
INSTALL MININET AND XTERM