LinuxQuestions.org
Old 05-01-2012, 04:10 PM   #1
Showtime
LQ Newbie
 
Registered: May 2012
Posts: 3

Rep: Reputation: Disabled
Question Understanding how iptables (+arpspoof) works in a "soft" mitm attack


Hello,

I'm studying how a MITM attack works and I'm trying to figure out a few things. I'm trying to sniff packets of a third computer I have on my network, so on my Linux machine (with BackTrack 5) I set up these commands:

echo 1 > /proc/sys/net/ipv4/ip_forward

then

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Then I start arpspoof, targeting one computer only with the -t option and giving the router as host.
The iptables command above is the same one I use with sslstrip, but this will be another question!

What I'm trying to understand is: how can I give iptables a command that forwards all the incoming
connections given by the ARP poisoning to the host, making my Linux PC act like a transparent gateway?
I would like to use this configuration to sniff all the traffic between the router and the attacked machine
with Wireshark. For now I'd like to understand what I'm missing...
I remember that 10 years ago I was able to connect to an access point and sniff all the clients' traffic,
but now this doesn't work anymore and I can't figure out what I'm missing. So in the meantime
I found ARP spoofing as a solution, but it's not as silent as just sniffing with Ethereal was;
indeed, if I attack my whole home network, some computers start to hang while surfing the web.

My Linux machine is a virtual machine made with VMware, running on OS X Lion, and I'm using an Alfa wus036nh as network card or a Dlink dwl122, which seems to work much better while ARP poisoning!

Thank you in advance!
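
From the defending side, the setup described in this post (arpspoof run with -t against one machine, with the router as host) shows up in the targeted machine's neighbour table as the router's IP resolving to a MAC address that belongs to another host on the LAN. The following is an added example, not part of the original post: it checks `ip neigh show` output for that pattern. The sample table, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output as seen on the targeted host:
# the gateway (192.168.1.1) resolves to the same MAC as host 192.168.1.23.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.23 dev wlan0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.1.40 dev wlan0 lladdr 3c:07:54:11:22:33 REACHABLE
192.168.1.55 dev wlan0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return (ip, dev, mac) for every entry that has a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            ip, dev, mac = m.groups()
            entries.append((ip, dev, mac.lower()))
    return entries

def find_shared_macs(entries):
    """Map (dev, mac) -> sorted IPs for MACs claimed by more than one IP."""
    by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        by_mac[(dev, mac)].add(ip)
    return {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}

def gateway_alerts(entries, gateway_ip, known_gateway_mac=None):
    """Flag a gateway entry that differs from a recorded baseline MAC, or
    that shares its MAC with another host (only visible when the other
    host's real IP is also in the table, hence the baseline check)."""
    alerts = []
    shared = find_shared_macs(entries)
    for ip, dev, mac in entries:
        if ip != gateway_ip:
            continue
        if known_gateway_mac and mac != known_gateway_mac.lower():
            alerts.append(("gateway-mac-changed", mac))
        others = [o for o in shared.get((dev, mac), []) if o != ip]
        if others:
            alerts.append(("gateway-mac-shared-with", others))
    return alerts

if __name__ == "__main__":
    for alert in gateway_alerts(parse_neigh(SAMPLE_NEIGH), "192.168.1.1",
                                known_gateway_mac="F8:1A:67:00:00:01"):
        print(alert)
```

A static neighbour entry for the gateway on the client, or dynamic ARP inspection on a managed switch, prevents the cache from being overwritten in the first place.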
 
Old 05-03-2012, 03:05 AM   #2
rodrifra
Member
 
Registered: Mar 2007
Location: Spain
Distribution: Debian
Posts: 202

Rep: Reputation: 36
You might be interested in the following links:

http://openmaniak.com/ettercap_arp.php
http://arpspoof.sourceforge.net/
http://www.arpoison.net/
 
Old 05-05-2012, 06:13 PM   #3
Showtime
LQ Newbie
 
Registered: May 2012
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by rodrifra
Thanks!
 
  


All times are GMT -5. The time now is 06:06 AM.
