arpspoof scenario does not work
 

Hello guys,

I have setup the following scenario:
Two virtual machines with Kali Linux:
- The attacker
- The victim

The attacker sends ARP packages with arpspoof to the victim indicating that it is another third node (another IPv4 address) which does not actually exist.

Using arp to list all entries in the cache on the victim's machine shows that it knows now the third node with the MAC address of the attacker (which is what I wanted to achieve). But unfortunately it also knows the attacker with the same MAC address but another IP.

pinging the attacker works, pinging the third node does not work (although it should redirected to the attacker now). Probably because I have two nodes with the same MAC address. Maybe it does not work since the node does not actually exist? But the victim should be redirected to the attacker node?

I tried to prevent sending regular ARP replies from the attacker with its actual IP address using arptables but as soon as I called arpspoof from the attacker the victim also knew that the attacker with its actual IP address has the same MAC address.

How can I setup the scenario that the attacker with its actual IP address is not seen by the victim? Do I have to disable the interface of the attacker or the IP address? Might this be the problem or do I have to add a realy third virtual machine which is the actual target? The scenario should demonstrate a simple ARP spoofing attack but with minimal effort, so I thought two nodes would be enough.

probably change mac addres with macchanger and see whats happening. at least you eliminate one probability.

macchanger -m b2:aa:0e:56:ed:f7 eth0