man in the middle attacks

Ok, to use this you need 2 interfaces in your Linux box, right? Can they both be in the same network (i.e. eth0 192.168.1.5, eth1 192.168.1.6)?

The goal here is to craft fake ARP replies to broadcast, right? To poison the MAC table of the victim AND the real gateway?
Pretend my MACs are as follows:
eth0 192.168.1.5     00:50:04:88:0B:47
eth1 192.168.1.6     00:B0:d0:86:E8:2B

I send one ARP reply that tells the victim: "the gateway can now be found at 00:50:04:88:0B:47". The attacker then sends another ARP reply out that tells the real gateway: "the victim can now be found at 00:B0:d0:86:E8:2B".

Then the victim starts sending me internet traffic (which I sniff), I then forward this traffic out of eth1 towards the real gateway.  When the real gateway responds, he will be sending the data to my eth1. Which I will forward out my eth0 to the victim.

Hence they are none the wiser. Is this correct?
dissolved asked:

ahoffmann commented:
> Can they both be in the same network
yes (but don't know what this has to do with MITM)

> Hence they are none the wiser. Is this correct?
no, 'cause some attackers may not be in the same net segment, hence never see your MACs

decoleur commented:
yep-

Y?

I think this attempt at inserting your computer into a network to proxy the traffic of the unaware will be thwarted by the advent of switches. They all have ARP tables to facilitate layer two switching.

How can you poison the ARP tables on the switches...

Your best bet would be to attempt to place your dual homed machine between networks.

HTH

-t
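
Seen from the defending side, the two forged replies described in the question show up as an IP address suddenly answering from a different MAC. The following is an added example, not part of the original thread: it parses ARP payloads from a constructed capture and flags such rebinds. The gateway and victim addresses and MACs are assumed values, and `parse_arp` and `audit` are names chosen here.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 payload for Ethernet/IPv4, 28 bytes
HDR = "0001080006040002"      # htype=1, ptype=0x0800, hlen=6, plen=4, oper=2 (reply)

# Constructed capture: ARP payloads as hex (sender MAC, sender IP, target MAC, target IP).
# Gateway 192.168.1.1 / 00:11:22:33:44:55 and victim 192.168.1.20 / 66:77:88:99:aa:bb
# are assumed values; the two other MACs are the ones quoted in the question.
SAMPLE = [
    HDR + "001122334455" + "c0a80101" + "66778899aabb" + "c0a80114",  # real gateway
    HDR + "66778899aabb" + "c0a80114" + "001122334455" + "c0a80101",  # real victim
    HDR + "005004880b47" + "c0a80105" + "66778899aabb" + "c0a80114",  # eth0's own address
    HDR + "005004880b47" + "c0a80101" + "66778899aabb" + "c0a80114",  # forged: gateway
    HDR + "00b0d086e82b" + "c0a80114" + "001122334455" + "c0a80101",  # forged: victim
    "00010800060400",                                                 # truncated frame
]

def parse_arp(payload: bytes):
    """Return (opcode, sender_ip, sender_mac), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, str(IPv4Address(spa)), sha.hex(":")

def audit(payloads):
    """Flag IPs whose MAC changes and MACs that answer for more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for raw in payloads:
        parsed = parse_arp(bytes.fromhex(raw))
        if parsed is None or parsed[0] != 2:      # the scenario uses replies; skip the rest
            continue
        _, ip, mac = parsed
        known = ip_to_mac.setdefault(ip, mac)     # first binding seen is the baseline
        if known != mac:
            alerts.append(("rebind", ip, known, mac))
        ips = mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > 1:
            alerts.append(("multi-ip", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```

Because the question's setup uses a different MAC on each interface, only the eth0 MAC trips the multi-IP check; the eth1 forgery is caught by the rebind check alone.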