Hello everyone,
I'm new to pen-testing and I have troubles to perform a MITM attack on my own network.
I used the following commands :
sysctl -w net.ipv4.ip_forward=1
arpspoof -i wlan0 -t 192.168.1.17 -r 192.168.1.1
where 192.168.1.17 is the target ip and 192.168.1.1 is the router ip.
When I ran the second command with my phone as the target, I saw a message saying that there is a suspicious activity on the network, so I supposed it was working correctly.
After doing that, the target machine still has access to the internet, but when I try to sniff the traffic with wireshark and I visit a website on the target machine, I don't see any HTTP packet coming from it. However, I can see all the fake ARP packets. I don't understand why I can't see the HTTP request.
I looked at the arp table on the target machine, and I correctly see the router ip associated to the attacker mac address. (I don't know how to check the arp table of the router)
I also tried to deactivate the ip forwarding by doing sysctl -w net.ipv4.ip_forward=0.
If my understanding is correct, the target machine shouldn't have access to the internet anymore, but actually it has. I can still visit some website without any problem. This is what confuse me the most.
If anybody is able to help me understand what I missed, it would be really helpful.
Thank you in advance.
PS : I'm sorry if my English is bad.
