Windows and ARP tables + MITM = DOS
I've been screwing around with ettercap the past couple of days and I just figured out what all of my problems are: the ARP poisoning in ettercap. I'm using Backtrack to sniff a Windows machine and everytime I activate the ARP poisoning, Windows takes a dump. It's XP SP2 fully updated. Here's my arp cache:
192.168.1.1 00-06-f4-0c-36-4d dynamic
192.168.1.102 00-06-f4-0c-36-4d dynamic
192.168.1.106 00-06-f4-0c-36-4d dynamic
However, if I just run the filter and not enable ARP poisoning, the filter runs fine! I have specified my IP (192.168.1.100) in the Target 1 field and left Target 2 empty. By doing that, am I leaving a open loop (traffic comes to me, but doesn't get forward back to the machine)? Anyways, why does Windows just crap out?