0

I'm currently facing an issue while trying to test my Python-based ARP spoofing program in a Kali Linux virtual machine running on VirtualBox on my PC. The VM is connected to my network using a network bridge, allowing me to reach other devices on my network. However, I'm encountering a problem when I attempt to launch the ARP spoofing program and attack my laptop within the network.

The issue I'm experiencing is that once the ARP spoofing starts running, the ARP cache of my laptop gets updated with the MAC address of my PC (where VirtualBox is running), but it does not update with the MAC address of the Kali Linux VM, which can be found using "ifconfig" within the VM. It does update with the MAC address of my PC. As a result, my laptop loses internet connectivity. Whenever I try to access a website in the browser, nothing happens.

Some additional things to consider: I don't have an additional Wi-Fi stick for my Kali Linux VM. IP forwarding was enabled before starting ARP spoofing and remained active throughout the process. The program works fine with all other VMs used as victims in the NAT-network-network. I also disabled my antivirus system on the laptop. It's not just my custom ARP spoofing program that is not working, but also the arpspoof tool from the Kali Linux tools.

Why does this happen?

Improve this question
5
  • Is your PC (the one with the Kali VM on it) connected to the network using Ethernet or Wi-Fi?
    – grawity_u1686
    Commented Jul 12, 2023 at 21:22
  • If Wireless, does Kali support the particular WiFi if a separate card?
    – anon
    Commented Jul 12, 2023 at 22:24
  • @u1686_grawity my pc with the vm on it is connected via wifi to my home router.
    – christofeckerlin
    Commented Jul 13, 2023 at 6:44
  • @John how can i check this?
    – christofeckerlin
    Commented Jul 13, 2023 at 6:47
  • Look in the Kali Network settings. I use a Panda Wireless USB card.
    – anon
    Commented Jul 13, 2023 at 10:26

1 Answer 1

Reset to default
0

Wi-Fi client devices cannot send frames from more than one MAC address. The MAC of the radio that connected to the AP is implicitly the MAC of the frames that are sent.

To deal with this, VirtualBox "bridge" driver has to perform L2 NAT – it rewrites the frames coming from VMs to have your host system's MAC in the header, and it rewrites ARP requests and responses accordingly. Your VM thinks it's bridged but the rest of your LAN only sees a single MAC address.

To use a VM as a gateway you'll need either a dedicated Wi-Fi interface for the VM or a wired Ethernet connection for the VM host.

Improve this answer
1
  • So the solution would be a alfa wifi stick for my vm for example?
    – christofeckerlin
    Commented Jul 13, 2023 at 7:54

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .