IP Forwarding, MiTM in scapy

Question

I am trying to conduct a MiTM attack using scapy, as a part of my project. Following are the details:

pkt=ARP(op=1,hwdst='00:0c:29:9c:70:2e',pdst='192.168.1.105',psrc='192.168.1.1')
send(pkt,loop=1)

hwdst=Kali Linux MAC   (attacker)

pdst= Victims IP       (victim)

psrc= Gateway router IP (router)

To conduct a MiTM attack I enabled 'ip forwarding', using following command:

echo '1' > /proc/sys/net/ipv4/ip_forward

On victims machine, I tried accessing google.com in browser, it doesnt connects !.

In Kali Linux, I enabled Wireshark, I do see packets being forwarded from Kali Linux to Google.com, but not from Kali to Victim's machine.

Q-1 / Any idea why the victim machine is unable to access google.com, via Kali Linux?

Q-2 / What exactly does this command do echo '1' > /proc/sys/net/ipv4/ip_forward ?

it enables ip forwarding, check this out http://unix.stackexchange.com/questions/14056/what-is-kernel-ip-forwarding — Padraic Cunningham, Dec 24 '14 at 20:43

score 3 · Answer 1 · edited Apr 13 '17 at 12:36

3

Port Forwarding needs to be enabled on the host machine as well (if Kali is being used as VM).

What does ipforward do? https://unix.stackexchange.com/questions/14056/what-is-kernel-ip-forwarding

edited Apr 13 '17 at 12:36

Community

1
1

answered Dec 26 '14 at 10:21

Muhammad Suleman

727
4
13
24

IP Forwarding, MiTM in scapy

1 Answers1