You need to find the IP and MAC addresses of gateways.

The most direct way to view arp -a is to run arp -a in CMD. This is before the ARP attack. After the ATTACK succeeds, the MAC address of 192.168.0.1 becomes the MAC address of the attack computer.

There’s another way, log in to your router. Enter “192.168.0.1” in your browser (this is your gateway) and enter your account password to log in. Generally, you can find a LAN MAC address here, this is the LAN MAC address.

Second, change the MAC address of 192.168.0.1 in ARP to static.

Enter at run:

cmd --> arp -a
Copy the code

　　

You can see the physical address after 192.168.1.1, and the type “dynamic” indicates the dynamic cache, that is, the ARP packet will change this. If an invalid ARP packet contains an incorrect gateway, the table changes automatically. Therefore, we cannot find the correct gateway MAC and cannot communicate with other hosts properly.

— XP modification method

Arp-s Gateway IP Address Indicates the MAC address of the gatewayCopy the code

To set up static cache data, run arp -s gateway IP Gateway MAC address.

— Win7 modification method

In Windows 7, arp -S cannot be used to bind static MAC addresses, prompting “Arp entry added failed: Access denied.” The ARP entry addition failed:Access is denied.

This can only be modified by another command. Steps:

1. Enter CMD:

netsh i i show in
Copy the code

Find Idx for local connection and neighbors (10).

2. Enter CMD as follows:

Netsh -c "I I" add neighbors 10 "netsh -c" I "add neighbors 10"Copy the code

Here 10 is the idx number up here. This completes the static MAC address

Finally, arp-a to see if it has been bound?

Tip:

Netsh -c “I I” delete neighbors IDX is used to delete MAC address bindings in Windows 7.

In addition, changing the cache is a one-time method, and after the computer restarts, the static will revert to dynamic. You can write a DAT file to boot inside the execution.

Attached – ARP attack principle

The principle of ARP attack is that the attacker broadcasts an incorrect ARP message to the LAN computer. Generally, the ARP attack packet is no more than the MAC address of the attacker and the IP address of the gateway. In this way, the LAN computer updates its OWN ARP entry when receiving the ARP attack packet. The MAC address of the attack source host is the MAC address of the gateway. Because LAN communication is transmitted through THE MAC address, the computer attacked by ARP sends the packet to the computer that launches the ARP attack. Then the attack source host obtains all the Internet access packets of the attacked computer. Then use certain technical means to parse out the specific information in the packet, such as password, password, etc.

Of course, most ARP attacks are designed to control the sending of data packets and the Internet speed of computers, so as to limit the Internet speed of LAN computers and monopolize Internet traffic.

In addition, some malicious ARP attacks forge a wrong MAC address and broadcast it to all computers on the LAN. Then, the attacked computer sends a public network packet to a non-existent MAC address, thus disabling the Internet access of all computers on the LAN.

As shown below: