
View full version: wireshark vs sniffer



Turing
08-05-04, 02:01
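Which one do you all find easier to use? Today I was checking for an ARP virus at home and used Wireshark. The captured packet info is as follows: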
protocol info

ARP DNS address tell IP address1

ARP DNS address tell IP address 2

ARP DNS address tell IP address 1

ARP DNS address tell IP address 3

ARP DNS address tell IP address 6

My personal feeling is that, judging from the info column, the LAN has no ARP virus. If the capture looked like the following:

15:01:53.597121 arp who-has 192.168.0.1 tell 192.168.0.2
15:01:53.597125 arp who-has 192.168.0.1 tell 192.168.0.2
15:01:53.617436 arp who-has 192.168.0.2 tell 192.168.0.2
15:01:53.617440 arp who-has 192.168.0.2 tell 192.168.0.2
15:01:53.637942 arp who-has 192.168.0.3 tell 192.168.0.2
15:01:53.637946 arp who-has 192.168.0.3 tell 192.168.0.2
15:01:53.658452 arp who-has 192.168.0.4 tell 192.168.0.2
15:01:53.658456 arp who-has 192.168.0.4 tell 192.168.0.2
15:01:53.678963 arp who-has 192.168.0.5 tell 192.168.0.2
15:01:53.678967 arp who-has 192.168.0.5 tell 192.168.0.2
15:01:53.699464 arp who-has 192.168.0.6 tell 192.168.0.2

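it would mean an ARP virus is at work, and 192.168.0.2 has become a fake gateway!
The above is just my personal opinion; I hope everyone will share their views!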
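
An added example (not part of the original post): a Python check over tcpdump-style text that flags any sender asking who-has for many distinct addresses within a short window, the pattern in the second capture above. The function name, the thresholds and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First 11 lines are the capture quoted in the post; the last 2 are constructed
# (an ordinary host resolving the gateway) so there is a benign sender to compare.
SAMPLE = """\
15:01:53.597121 arp who-has 192.168.0.1 tell 192.168.0.2
15:01:53.597125 arp who-has 192.168.0.1 tell 192.168.0.2
15:01:53.617436 arp who-has 192.168.0.2 tell 192.168.0.2
15:01:53.617440 arp who-has 192.168.0.2 tell 192.168.0.2
15:01:53.637942 arp who-has 192.168.0.3 tell 192.168.0.2
15:01:53.637946 arp who-has 192.168.0.3 tell 192.168.0.2
15:01:53.658452 arp who-has 192.168.0.4 tell 192.168.0.2
15:01:53.658456 arp who-has 192.168.0.4 tell 192.168.0.2
15:01:53.678963 arp who-has 192.168.0.5 tell 192.168.0.2
15:01:53.678967 arp who-has 192.168.0.5 tell 192.168.0.2
15:01:53.699464 arp who-has 192.168.0.6 tell 192.168.0.2
15:01:54.100000 arp who-has 192.168.0.1 tell 192.168.0.7
15:02:10.250000 arp who-has 192.168.0.1 tell 192.168.0.7
"""

# Matches only the text layout shown in the post: time, target, sender.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{6}) arp who-has (\S+) tell (\S+)$")

def find_sweepers(text, min_targets=5, window=timedelta(seconds=1)):
    """Return {sender: targets} for senders that requested at least
    min_targets distinct addresses inside one sliding time window."""
    by_sender = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            by_sender[m.group(3)].append((ts, m.group(2)))
    flagged = {}
    for sender, events in by_sender.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {t for _, t in events[start:end + 1]}
            best = max(best, targets, key=len)
        if len(best) >= min_targets:
            flagged[sender] = sorted(best)
    return flagged

if __name__ == "__main__":
    for sender, targets in find_sweepers(SAMPLE).items():
        print(f"{sender} requested {len(targets)} addresses in under 1s: {targets}")
```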

keynes1983
08-05-04, 05:55
After examination:

1. Your LAN is pretty good
2. You grew up over here

:)

Turing
08-05-06, 19:59
After examination:

1. Your LAN is pretty good
2. You grew up over here

:)

Are you from Hangzhou?