我正在 Kali linux 主机中使用 KVM Qemu,并尝试练习 ARP 欺骗。在 Kali linux(连接到有线以太网)中,我设置了以下配置(来自我遵循的教程)/etc/network/interfaces将我的 KVM 虚拟机配置为使用桥接网络模式。
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 192.168.10.12
broadcast 192.168.10.255
netmask 255.255.255.0
gateway 192.168.10.1
bridge_ports eth0
bridge_stp off
bridge_waitport 0
bridge fd 0
ip a为了提供更多信息,以下是在我的主机上运行的结果:
└─$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 10:7b:44:35:45:29 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 56:1b:f4:e4:1e:67 brd ff:ff:ff:ff:ff:ff permaddr 34:f6:4b:ff:c2:01
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 10:7b:44:35:45:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.12/24 brd 192.168.10.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::127b:44ff:fe35:4529/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:07:00:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:d6:07:c1 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fed6:7c1/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
7: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:f4:dd:55 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fef4:dd55/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
现在,在创建 KVM 虚拟机时,我将其设置为使用桥接的网络模式,如下图所示。
然后在虚拟机内部,我通过在文件192.168.10.301中执行以下配置为其提供静态 IP :/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
#The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet static
address 192.168.10.30
netmask 255.255.255.0
gateway 192.168.10.1
主机和虚拟机可以互相ping通。但是,当我尝试运行时arpspoof通过执行sudo arpspoof -i eth0 -t 192.168.10.30 192.168.10.1在主机上,我得到arpspoof: couldn't arp for host 192.168.10.30。问题是为什么以及我该如何解决它?
我尝试过的:
当然,我在发帖之前尝试搜索它,我发现了大量的结果,包括这个论坛上的结果,但它们是针对 VMWare 或 Virtual Box 的,OP 要么尝试跨不同的子网,要么不会采用桥接模式网络等。我负责所有这些事情。
答案1
eth0现在是一个桥接端口,不再是一个独立的接口:因此它不再参与 IP 或 ARP 协议。现在使用的界面是br0:
sudo arpspoof -i br0 -t 192.168.10.30 192.168.10.1
在运行时应该让虚拟机在运行时看到 192.168.10.1,其 MAC 地址为 10:7b:44:35:45:29(在 上的 MAC 地址br0,本身是从 复制的eth0,而不是路由器的 MAC 地址)ip neigh show 192.168.10.1,从而允许主机拦截从虚拟机发送到路由器的 IPv4(通过以太网)流量(使用其他工具)。
注意:路径中的网桥可能允许其他方法拦截流量而不是 ARP 欺骗,但我知道这是为了测试 ARP 欺骗。