Ettercap ARP Poisoning

[nixor101]

Dear people

I would like to know if APR in Ettercap allows the eavesdropper to only intercept the data coming through and from
Target 1 and Target 2, or does it block TARGET2 from communication with TARGET1 entirely?

Method used:

I uses GUI Ettercap on ubuntu,
1. start ettercap as root
2. Sniff > unified sniffing > chooses interface
3. Start > Start sniffing
4. Hosts > scan for hosts
5. Hosts > Hosts list > add TARGET2(which is the main router/broadband modem) > add TARGET2 (victims)
6. Mitm > ARP poisoning >(Optional parameter) choose Sniff remote connections > ok
7. I sometimes use Wireshark together with ettercap as well.

So does this only intercept and carry on sending the data, or does it intercept the data and block the communication entirely?
I have searched on the net, haven't found much.

Advise, thanks.

[Goatboy]

The whole point of ARP poisoning is to intercept data in both directions. It would be somewhat silly if you could only get incoming data, or only get outgoing. This would immediately alert someone that there's something going on.

[nixor101]

The whole point of ARP poisoning is to intercept data in both directions. It would be somewhat silly if you could only get incoming data, or only get outgoing. This would immediately alert someone that there's something going on.

I see, I get them both ways. I just don't know if it intercepts the data from TARGET2, who's trying to access the internet through TARGET1, and blocks TARGET2 from accessing the net?

I don't want that to happen because as you say it would alert that there's something going on. cheers.

[fashizzlepop]

You are acting as a Man in the Middle. Usually, the man in the middle passes information both ways.

He may change some stuff though...

[Dwere134]

He may change some stuff though...

That's what makes it "poisoning" right?

[fashizzlepop]

Well, you aren't gassing them are you?