问题描述:

I have a trouble in my network. Somebody in our network runs a sniffer. He gets all data packets. Actually he is a friend of mine. So what I want do is to only stop update my ARP table. like When he is sniffing, all the ARP tables of all machines always update. Does anybody know to stop this?

Thank you.

网友答案:

Actually this is the "ARP Vulnerability" problem. The person in your network uses the mechanism on MITM (Man in the Middle) attack to create a route so that the packets that u receive/send is intercepted by him, thus enabling it to sniff your packets. As far as I know this vulnerability has not been resolved because the ARP protocol is "trusting" , which means it does not validate ip-mac pair. Only way to stop is get him off the LAN :)

网友答案:

I don't quite understand your question. When he's sniffing, there should be no change on the ARP table of your machine. Is he sniffing (reading packets as they go through the network), or is he scanning (sending probes and/or strange packets to other machines)?

相关阅读:
Top