Re: How to check ARP cheat in Lan.
Anders Breindahl wrote:
> On Monday 18 July 2005 15:15, ???? wrote:
> > I am sorry that my English is poor.
> > In our company, we have software controlling and logging the LAN
> > activity, e.g. we deny computers in the factory from mailing and using
> > the web, and log it. The software is behind the router, in the LAN. Now
> > we bought a new router with double WAN using ADSL, but we find some
> > problems between them. It seems that they have a conflict.
> >
> > So I found some details through Google; I got information about the way
> > the software works. It can prevent computers from using the internet
> > by ARP cheating. So I want to find software to check whether it
> > works with ARP cheating.
> >
> > Linux is powerful in networking, so I want to find software that can help me.
>
> O.k. I think that helped.
> I tried searching the web for ``ARP cheating'' and the first hit mentioned
> ``ARP spoofing''. There's a usual excellent article on Wikipedia on that:
>
> http://en.wikipedia.org/wiki/ARP_spoofing
>
> The Wikipedia article has a reference to Ettercap, which happens to be a
> network sniffer. I suspect Ettercap to be using ARP spoofing itself. This
> is however where my personal knowledge isn't enough.
>
> I guess that you would be able to set up another sniffer in your network,
> and in this way conclude whether packets reach their intended destination,
> or if false ARP replies are being sent on the network.
If all the OP wants is to watch for ARP spoofing, arpwatch might be a good
solution. It keeps a database of MAC/IP pairs, and watches for changes.
Adam
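
The MAC/IP pair tracking described in the reply above, as an added Python example that is not part of the original thread and is not arpwatch's code. The event labels follow arpwatch's report names; the logic is a simplified assumption, and `PairWatcher`, `make_arp`, `run` and the sample addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("short ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, payload[8:14].hex(":"), str(IPv4Address(payload[14:18]))

class PairWatcher:
    """IP -> MAC table that reports changes (simplified; not arpwatch's code)."""
    def __init__(self):
        self.current = {}   # ip -> MAC seen most recently
        self.previous = {}  # ip -> MAC it had before the last change

    def observe(self, ip, mac):
        old = self.current.get(ip)
        if old == mac:
            return None
        self.current[ip] = mac
        if old is None:
            return "new station"
        # Going back to the MAC held before the last change means two
        # machines are answering for one IP, as in ongoing spoofing.
        event = "flip flop" if self.previous.get(ip) == mac else "changed ethernet address"
        self.previous[ip] = old
        return event

def make_arp(oper, mac, ip):
    """Build a constructed ARP payload; target fields are zeroed filler."""
    head = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return head + bytes.fromhex(mac.replace(":", "")) + IPv4Address(ip).packed + bytes(10)

# Constructed sample: the gateway, then a second MAC claiming its address.
GATEWAY, ROUTER, OTHER = "192.168.1.1", "00:11:22:33:44:55", "02:00:00:00:00:99"
SAMPLE = [make_arp(2, m, GATEWAY) for m in (ROUTER, ROUTER, OTHER, ROUTER, OTHER)]

def run(packets):
    watcher, events = PairWatcher(), []
    for pkt in packets:
        _, mac, ip = parse_arp(pkt)
        events.append(watcher.observe(ip, mac))
    return events

if __name__ == "__main__":
    for event in run(SAMPLE):
        print(event)
```

On a LAN where a monitoring product blocks hosts by answering ARP for the gateway, the gateway's IP is the entry that would show the change and flip-flop events.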