N$2\mathrm{.}16.$ In an MITM attack, the attacker M tries to intercept the communication between A and

$B$ that are on the same LAN. Please describe what M needs to do$,$ so it can modify the

packets from $A$ to $B.$

N$2\mathrm{.}17.$ In the MITM attack described in the book, the attacker M uses the ARP cache poison$-$

ing attack to redirect the A$-$to$-$B packets to M$.(1)$ If the IP forwarding on the attacker

machine $M$ is turned off, what will happen to the packets? $(2)$ If the IP forwarding on

$M$ is turned on$,$ what will happen to the packets? $(3)$ If the attacker wants to modify the

packet, should the attacker turn on or off the IP forwarding.

N$2\mathrm{.}18.$ In the MITM attack described in the book, the attacker M uses the ARP cache poisoning

attack to redirect the A$-$to$-$B packets to M$.$ How does the attacker get this packet?

N$2\mathrm{.}19.$ In the MITM attack code, the attacker tries to modify the packets from A to B$.$ After

intercepting such a packet, the attacker makes a copy of the packet, and then does the

following. Why does the attacker have to delete the IP and TCP checksums?

newpkt $=IP(bytes(pkt[IP]))$

del $(newpkt.$chksum$)$

del $(newpkt[TCP].$chksum$)$

N$2\mathrm{.}21.$ Machines A$,$ B$,$ and M are on the same LAN, and their IP addresses and MAC

addresses are listed below.

$A^{\text{'}}SIP$: $10*9*0\mathrm{.}5$

$B^{\text{'}}SIP$: $10*9*0\mathrm{.}6$

$M\text{'}sIP$: $10\mathrm{.}9*0\mathrm{.}9$

$A\text{'}s$ MAC address:

$aa$:$bb$:$cc$:$dd$:$ee$:$05,B^{\text{'}}s$ MAC

address: $aa$:$bb$:$cc$:$dd$:$ee$:$06M^{\text{'}}s$

The attacker on M wants to use the ARP cache poisoning to launch the MITM $($Man$-$

In$-$ The$-$Middle$)$ attack against A and B$,$ i$.$e$.,$ intercepting the communication between

A and

B$.$ To achieve this goal, the attacker wants to use the following program to send spoofed

ARP requests. Please complete the code.

# Constructing spoofed ARP request to Host A

ether$1=$ Ether $($dst $=$

arp$1=$ARP$(op=1)$

arp$1.$psrc $-\_$ # An IP address

arp$1.$hwsrc $-$ # An Ethernet address

arp$1.$pdst $=$ # An IP address

sendp$($

# Constructing spoofed ARP request to Host B

ether$2=$ Ether $($dst $=$

arp$2=$ARP$(op=1)$