Forum Thread: Metasploit Pivoting + Ettercap

Not surprising that you failed. To travel from a subnet to another a packet need a layer 3 protocol (networking layer) however when you look at a ARP frame what do you see ? An ethernet part and the ARP part that all. No IP part for networking. So ARP packet can't be send to another network : They can exist only in your LAN.

That's why your ARP Poisoning attack won't work : You can't send ARP packet to a target that is on a different LAN, directly.

@WhichHat Thanks for the answer, i just understood two things:
1) What i tried to accomplish was impossible :)
2) I dont understand nothing about networking protocols :)

Anyway, do you think with another approach, like setting up a VPN in some way in the remote machine, i could accomplish an ARP Poisoning attack ?

What i'm trying to understand is just if is possible to get access to the other machines of the subnet in a easier way after compromise the first, like using a MITM attack using the compromised machine as "bridge" from my net and their net.

Sorry if the question sound stupid but i'm a newbie with a lot of curiosity :D

Yes, it's possible : once you have the hand the box as root you can do anything.

The idea would be to order the compromised machine to perform a ARP Poisoning for you. You don't need a VPN (because you already have the remote control on the box) but you'll probably need to install a few hacking tool on the compromised machine : I would be really surprised to find an Ettercap on a Server host, for example.