In this tutorial, i will show that i used mininet to simulate the ARP attack environment.Emulation environment was discussed in the previous article.

H1 is user, constantly communicating with H2.
H4 is hacker, trying to eavesdrop on H1 and H2.

For the first step, you need to install some packages:

sudo apt-get install zlib1g zlib1g-dev
sudo apt-get install build-essential
sudo apt-get install ettercap

you can use this command sudo apt-get install ettercap-graphical if you have some problems.

Here is my topology.py

#!/usr/bin/env python
from mininet.cli import CLI
from mininet.net import Mininet
from mininet.link import Link,TCLink

if '__main__' == __name__ :
 net = Mininet(link=TCLink)
 h1 = net.addHost('h1', ip="192.168.10.1/24", mac="00:00:00:00:00:01")
 h2 = net.addHost('h2', ip="192.168.10.2/24", mac="00:00:00:00:00:02")
 h3 = net.addHost('h3', ip="192.168.20.1/24", mac="00:00:00:00:00:03")
 h4 = net.addHost('h4', ip="192.168.10.3/24", mac="00:00:00:00:00:04")
 r0 = net.addHost('r0')
 s0 = net.addHost('s0')
 net.addLink(h1, s0)
 net.addLink(h2, s0)
 net.addLink(s0, r0)
 net.addLink(r0, h3)
 net.addLink(s0, h4)
 net.build()
 r0.cmd("echo 1 > /proc/sys/net/ipv4/ip_forward")
 r0.cmd('ifconfig r0-eth0 192.168.10.254 netmask 255.255.255.0')
 r0.cmd('ifconfig r0-eth1 192.168.20.254 netmask 255.255.255.0')
 h1.cmd("ip route add default via 192.168.10.254 dev h1-eth0")
 h2.cmd("ip rotue add default via 192.168.10.254 dev h2-eth0")
 h3.cmd("ip route add default via 192.168.20.254 dev h3-eth0")
 h4.cmd("ip route add default via 192.168.10.254 dev h4-eth0")
 s0.cmd("brctl addbr br0")
 s0.cmd("brctl addif br0 s0-eth0")
 s0.cmd("brctl addif br0 s0-eth1")
 s0.cmd("brctl addif br0 s0-eth2")
 s0.cmd("brctl addif br0 s0-eth3")
 #s0.cmd("brctl setageing br0 0") 
 s0.cmd("ifconfig br0 up")
 CLI(net)
 net.stop()

1. i open h1 and h4 with xterm. h1 is talking to h2, but h4 can't hear it.
   
   

2. At this moment,i open the other h4 terminal and use this command ettercap -G to open ettercap.

3. Select the port you want to listen on
   
   4.Set 192.168.10.1 to TARGET1 --> which means to cheat 192.168.10.1 and I'm 192.168.10.2
   Set 192.168.10.2 to TARGET2 --> which means to cheat 192.168.10.2 and I'm 192.168.10.1
   
   
   5.Select ARP poisoning
   
   6.Press OK
   
   7.The moment when you press Ok, you will find that the h1-> h2 message has been monitored by h4!!
   
   8.you can use this command arp -n to verify whether arp is the host name.As you can see, although the different IP addresses have the same Mac Address!!
   
   9.Preventive measures:Set Static ARP!!
   
   After setting, h4 can't hear it !