Re: arpwatch
From: Gunter Luyten (Gunter.Luyten_at_student.kuleuven.ac.be)
Date: 09/11/03
- Previous message: Kim Oppalfens: "RE: SUS Help"
- In reply to: zidan: "arpwatch"
- Next in thread: Zachary Mutrux: "RE: arpwatch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Sep 2003 11:26:05 +0200 To: security-basics@securityfocus.com
zidan wrote:
> hello,
>
> I have recently installed arpwatch on one of our servers. I understood
> arpwatch "learns" arp replies, but since arp replies are destined to a
> specific MAC and
> this is a switched network, how can arpwatch see all arp replies ?
>
>
> -Z
Hi,
ARP uses broadcast packets to discover which MAC address belongs to a
given IP address. Therefore the requests and also the replies are
received by every host on the network segment. Your network may be
switched, but broadcasts are still sent to every connected host.
Best regards,
Gunter
---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Precisely Define and Implement Network Security
- Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW - FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
- Previous message: Kim Oppalfens: "RE: SUS Help"
- In reply to: zidan: "arpwatch"
- Next in thread: Zachary Mutrux: "RE: arpwatch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
