See the Ettercap page for the apt-get list of things you'll need if you're installing Ettercap from source. The attacker will absolutely need Ettercap and Wireshark to get the attack up and running. The attacker will use a couple of different tools to perform the man in the middle attack. This will trick the router into updating its list of MACs and IPs, and will try sending traffic to the attacker's MAC too. The attack will use Ettercap to automate the process of sending the right ARP packets. If an attacker can modify entries in that table, they can receive all traffic intended for another party, make a connection to that party, and forward it along, tampering with the sheep's information. In this scenario, the attacker Kronos 10.0.0.19 will be attacking the sheep Jupiter 10.0.0.75Īs described on the ARP Poisoning attack page, this attacks the lookup table that every router has that maps IP addresses to MAC addresses. 5.3 Watch the Network for Telltale SignsĬaveman ASCII art of my network configuration:.2.4 Driftnet for Image Traffic Analysis.2.3.4 What ARP Poisoning Looks Like in Wireshark.2.3.3 Finding Login Credentials in Wireshark.2.3.2 Test Wireshark Credentials Sniffing.