ARP (Address Resolution Protocol) is an acronym for the Address Resolution Protocol. Its basic function is to transmit the data prior to the target host IP address is converted to MAC, address to the associated physical network complete geographical address, to ensure that the two hosts can communicate. Any installed a host TCP / IP protocol will exist ARP cache table, which holds the MAC address corresponding to each host in the LAN.
ARP spoofing feature is the machine address information corresponding to the gateway to be deceived, it had the correct address is illegally tampered with, altered themselves acting as a gateway to achieve ARP spoofing. There are problems on the computer the query ARP cache table will find the gateway IP address corresponding to the MAC address and not the same as normal, the correct MAC address has been tampered with.
Generally speaking, ARP spoofing is not the network can not communicate properly, but by posing as a gateway or another host or gateway enables traffic to be forwarded through the host's attacks. Traffic can be controlled and viewed by forwarding traffic, to control the flow or get important information.
Find ARP spoofing host:
1. We can use the Sniffer killer ARPkiller scan the entire LAN IP segment, and then look at the computer in promiscuous mode, you can find each other, and the tests are complete, if the corresponding IP green hat icon, indicating that the IP in the normal mode, if it indicates that the card is Red Hat in promiscuous mode.
2. Use the tracert command, run under the DOS command window on any of the affected host the following command: tracert 61.135.179.148. Assumes the default gateway set to 10.8.6.1, when a track outside the network address, the first jump is 10.8.6.186, then, 10.8.6.186 is the source of the virus. Principle: poisoning the host between the affected hosts and gateways, played the role of middleman. All this should arrive gateway packet due to an error of the MAC address, it is sent to the host poisoning. At this point, the host pre-empt the poisoning, played a role of the default gateway.
The method of processing ARP spoofing attacks in two ways.
First, the longest way is to use the IP address and MAC address binding, can be on the host and gateway routers to avoid the two-way binding ARP spoofing attack.
Binding on the host gateway router IP and MAC address, can be achieved by "arp -s" command.
Second, the use of ARP firewall, automatic attacks against ARP spoofing and ARP.
Commonly used to break ARP firewall technology:
non-stop contract to the gateway (dozens of times per second), I really said to the gateway machine, avoid other machines posing as the machine. (For example, the target machine is A You're B you say to the gateway I was A), due to the high you send frequency, so in a very short period of time, the gateway believe you are the victim machine, normal data packet so that the target host is on send over.
Part of the contents from the network.
TA: Madina
Reprinted: http://www.ie-lab.cn/