linux – How to interpret received packages, although not being destination host


  • Victim:
  • Attacker (also having SSH server installed):
  • SSH server:

I perform a succesfull ARP Spoofing attack (being obviously the attackers MAC address):

victim shell shown

But when I try to connect via ssh user@, instead of connecting to the attackers ssh server, it redirects the traffic to the real ssh server (or keeps waiting for this connection if
traffic redirect is disabled in attackers /proc/sys/net/ipv4/ip_forward file).

Is there any way I could interpret packages coming from an IP before redirecting to the original destination?

Thank you in advance.

Note: in case it’s relevant, im using dockers inside GNS3 inside a VM, those dockers being Ubuntu. This is the scheme:
enter image description here