Date: 2014-05-16  Views: 20678

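Have I been hit by an ARP attack?
Below is the result I got from tcpdump. Clearly:
the gateway 192.168.0.1 keeps sending ARP packets asking for the MAC address of 192.168.0.1. Isn't that just constantly asking for its own MAC address?
Why does this happen? Under what circumstances does this usually occur?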


21:57:47.197761 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:47.311505 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:47.423329 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:47.551858 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:47.645913 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:47.737078 IP 192.168.1.251 > 192.168.1.1: ICMP echo request, id 26891, seq 274, length 64
21:57:47.738049 IP 192.168.1.1 > 192.168.1.251: ICMP echo reply, id 26891, seq 274, length 64
21:57:47.748125 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:47.857778 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:47.977038 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.078891 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.126502 IP 192.168.0.9.1004 > 255.255.255.255.1004: UDP, length 47
21:57:48.187794 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.307028 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.408655 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.517692 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.630363 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.737107 IP 192.168.1.251 > 192.168.1.1: ICMP echo request, id 26891, seq 275, length 64
21:57:48.738332 IP 192.168.1.1 > 192.168.1.251: ICMP echo reply, id 26891, seq 275, length 64
21:57:48.738351 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.847646 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:48.966726 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:49.017832 IP 192.168.0.9.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:57:49.068680 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:49.177765 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:49.296675 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1
21:57:49.398595 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1

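------Solution--------------------
On the surface, the gateway is constantly asking for its own MAC address,

but what it actually does is this: the gateway is constantly broadcasting its own MAC address to all machines on the network.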
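
As an added example (not part of the original thread), this Python check reads tcpdump text in the format posted above, counts ARP requests whose target IP equals the sender IP, and reports their rate per IP. When the capture was taken with `tcpdump -e` so the source MAC is visible, it also flags an IP announced from more than one MAC; the `-e` line shape and the sample MAC addresses below are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the capture format shown above. The leading source MAC is only
# present when tcpdump runs with -e (assumed line shape), so it is optional.
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) "
    r"(?:([0-9a-f:]{17}) > [0-9a-f:]{17}, .*?: )?"
    r"arp who-has (\S+) .*?tell (\S+)$", re.IGNORECASE)

def summarize(lines):
    """Per IP: count, rate and source MACs of self-addressed ARP requests."""
    stats = defaultdict(lambda: {"times": [], "macs": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # not an ARP request line
        hh, mm, ss, mac, target, sender = m.groups()
        if target != sender:
            continue                      # ordinary lookup, not an announcement
        s = stats[sender]
        s["times"].append(int(hh) * 3600 + int(mm) * 60 + float(ss))
        if mac:
            s["macs"].add(mac.lower())
    report = {}
    for ip, s in stats.items():
        span = max(s["times"]) - min(s["times"])
        rate = (len(s["times"]) - 1) / span if span > 0 else 0.0
        report[ip] = {
            "count": len(s["times"]),
            "per_second": round(rate, 1),
            "macs": sorted(s["macs"]),
            # Several MACs announcing one IP is the indicator worth alerting on.
            "conflict": len(s["macs"]) > 1,
        }
    return report

# Constructed sample: three lines copied from the capture above, then two
# lines in the assumed -e format with made-up locally administered MACs.
SAMPLE = [
    "21:57:47.197761 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1",
    "21:57:47.311505 arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1",
    "21:57:47.737078 IP 192.168.1.251 > 192.168.1.1: ICMP echo request, id 26891, seq 274, length 64",
    "21:57:48.197761 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1",
    "21:57:48.697761 02:00:00:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 192.168.0.1 (ff:ff:ff:ff:ff:ff) tell 192.168.0.1",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Without `-e` the capture carries no source MAC, so the `macs` list stays empty and the output alone cannot distinguish the real gateway from another host announcing the gateway's IP.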