Being one of the most active members in this WiFi board I can see that a
lot of people don't understand this in depth but they only know why are
we using it and what is the result. In this thread I will explain to
all of you that already know something about this and to all of you that
doesn't know a thing for this what exactly is ARP and ARP Poisoning. In
this thread I will explain what actually happens in the background of
the attack.
ARP Poisoning is one of the most famous network hacking attacks but only a few people understand what happens in the background. In order to understand this attack better first I will explain what exactly is ARP. ARP or Address Resolution Protocol is a network protocol that resolves IP addresses to MAC addresses. It is a protocol that connects the Logical Addressing(IP) with the Physical Addressing(MAC) of the networking scheme. In networking you have Layers. Imagine them as different levels. Each layer/level has his own job. These are the 7 Layers according to the OSI Model:
The Address Resolution Protocol is between the NETWORK LAYER and the DATA LINK LAYER. I know that this looks a bit strange for those of you who haven't worked with networking but if you read a bit about the layers you will understand it better. So once again... ARP is in charge of RESOLVING IP ADDRESSES TO MAC ADDRESSES.
Now that you understand what ARP is I can explain the ARP poisoning to you. I am not sure when exactly but people found a way to trick the ARP. Actually ARP Poisoning is a process where we send a fake or "spoofed" ARP messages to a LAN. Those actually resolve the gateway IP address to our MAC address. There for all the traffic that is meant to be for the gateway goes through US ( this is not the UNITED STATES !!! ). So actually what we do is we tell the gateway that we are the slave and we tell the slave that we are the gateway. Illustrated it looks like this:
In this image the attacker performed ARP poisoning between 2 users on the networks. Therefor each traffic that is from slave A for slave B will first go through the attacker and then he will resend it to its original destination. And vise versa. Each traffic from slave B for slave A goes through the attacker. That is why ARP Poisoning is used for sniffing. All the traffic goes through you and you can analyze the packets passing by with no problems.
What is ARP ?
ARP Poisoning is one of the most famous network hacking attacks but only a few people understand what happens in the background. In order to understand this attack better first I will explain what exactly is ARP. ARP or Address Resolution Protocol is a network protocol that resolves IP addresses to MAC addresses. It is a protocol that connects the Logical Addressing(IP) with the Physical Addressing(MAC) of the networking scheme. In networking you have Layers. Imagine them as different levels. Each layer/level has his own job. These are the 7 Layers according to the OSI Model:
The Address Resolution Protocol is between the NETWORK LAYER and the DATA LINK LAYER. I know that this looks a bit strange for those of you who haven't worked with networking but if you read a bit about the layers you will understand it better. So once again... ARP is in charge of RESOLVING IP ADDRESSES TO MAC ADDRESSES.
ARP Poisoning
Now that you understand what ARP is I can explain the ARP poisoning to you. I am not sure when exactly but people found a way to trick the ARP. Actually ARP Poisoning is a process where we send a fake or "spoofed" ARP messages to a LAN. Those actually resolve the gateway IP address to our MAC address. There for all the traffic that is meant to be for the gateway goes through US ( this is not the UNITED STATES !!! ). So actually what we do is we tell the gateway that we are the slave and we tell the slave that we are the gateway. Illustrated it looks like this:
In this image the attacker performed ARP poisoning between 2 users on the networks. Therefor each traffic that is from slave A for slave B will first go through the attacker and then he will resend it to its original destination. And vise versa. Each traffic from slave B for slave A goes through the attacker. That is why ARP Poisoning is used for sniffing. All the traffic goes through you and you can analyze the packets passing by with no problems.
Post a Comment