How does man in the middle work on a network level?

I want to write a small program for ARP poisoning but I do not know where in the network the attacker has to be.

I have a network consisting of a victim, an attacker and a switch. If the attacker and the victim are both connected to the switch, the answer from the switch will arrive faster than the attack from the attacker. Therefore, I guess the attacker needs to be between the victim and the switch. All packets are inspected, ARP requests are filtered out and a "wrong" answer is sent back.

However, in such a case, what kind of network settings are necessary on the attackers device?

Example network: Switch = 192.168.1.1 Attacker = 192.168.1.2 Victim = 192.168.1.3

Switch <—— >Attacker <——> Victim

So the attacker needs to have 192.168.1.3 on its "left" and 192.168.1.1 on its "right" side? What kind of routing is necessary to make it work?

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s