- Attacker (also having SSH server installed):
- SSH server:
I perform a succesfull ARP Spoofing attack (being obviously the attackers MAC address):
But when I try to connect via
ssh firstname.lastname@example.org, instead of connecting to the attackers ssh server, it redirects the traffic to the real ssh server (or keeps waiting for this connection if
traffic redirect is disabled in attackers
Is there any way I could interpret packages coming from an IP before redirecting to the original destination?
Thank you in advance.
Note: in case it’s relevant, im using dockers inside GNS3 inside a VM, those dockers being Ubuntu. This is the scheme: