So after I have played with the Network Spoofer developed by Digitalsquid (http://digitalsquid.co.uk/netspoof/), I have been trying to get a better understanding of its internal working by writing a c program that does something similar.
My program currently takes in 4 parameters - source ip, source mac, victim ip, and victim mac - and send an ARP reply packet with them. When testing the program on my home network, I would do something like setting the source ip to be the router's ip, source mac to be something bogus, victim ip to be my laptop's ip, and victim mac to be my laptop's wireless card mac.
The problem is, although I can see the packet being sent/received from monitoring the wireless card using tcpdump (ie. I would see something like "01:43:23.656745 ARP, Ethernet (len 6), IPv4 (len 4), Reply rouer-ip is-at bogus-mac-address, length 28", which is just what I expected), the ARP cache entry for the router stays the same (ie. still has the correct mac address).
I am not quite sure what the problem here is, and why I couldn't poison my ARP cache. I read somewhere that it could be my OS, Ubuntu 12.04, dropping the unsolicited ARP packets, so I tried to set /proc/sys/net/ipv4/conf/wlan0/arp_accept to 1 - no luck. I also tried to turn IP forwarding on (setting /proc/sys/net/ipv4/ip_forward to 1) as suggested by another article, and still had no luck.
I would really appreciate if somebody can give me some pointers/hints as to what the problem might be. Also, please correct me if I had a mistake in my understanding - I am quite new in the realm of c programming and ARP spoofing.
Thanks!
JY
