testing mac spoofing

on virtualbox

we got two virtual machines on virtualbox (bridge network).

the first one called debian12 has two NICs

08:00:27:07:e6:6b -- 192.168.1.14
08:00:27:97:ca:a5 -- no IP defined

the second one called debian12-clone has one NIC

08:00:27:b9:1f:5e -- 192.168.1.15

we first test the normal behaviour from the host system (linux).

ping -c1 192.168.1.14
ping -c1 192.168.1.15
arp -a

we are going to spoof the clone mac on the former

ifconfig enp0s8 hw ether 08:00:27:b9:1f:5e
ifconfig enp0s8 192.168.1.15/24 up

we then sniff the traffic on both sides

the attacker

tcpdump -i enp0s8 not port ssh

the victim

tcpdump -i enp0s3 not port ssh

and we start pinging from the host system

ping 192.168.1.15

==> result is not concluant on VBOX, we only see ICMP on the victim - the attacker remains blind

resources

https://serverfault.com/questions/462178/duplicate-mac-address-on-the-same-lan-possible


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun