史萊姆論壇 - 查看單個文章

b90220208 · 2015-09-21, 06:08 PM

您好,感謝各位,

以下是我用 wireshark 擷取資料中的 D-LINKin_df:9e:c2 根本不是區網中的真正 gateway(分享器)
,其冒用了 192.168.0.1 的 IP,並回覆我錯誤 MAC 位址來影響我的 ARP TABLE ...
我擷取了約 1 個多小時不斷重複這些 request/reply 動作...還是說我自己中毒了呢?

===============================================

No. Time Source Destination Protocol Length Info
8 0.000562000 D-LinkIn_df:9e:c2 AsustekC_50:60:e9 ARP 60 192.168.0.1 is at 78:54:2e:df:9e:c2

Frame 8: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Interface id: 0 (\Device\NPF_{8C870860-41BC-4FFE-9EFF-F23B18E4B432})
Encapsulation type: Ethernet (1)
Arrival Time: Sep 20, 2015 21:56:52.253064000 台北標準時間
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1442757412.253064000 seconds
[Time delta from previous captured frame: 0.000131000 seconds]
[Time delta from previous displayed frame: 0.000131000 seconds]
[Time since reference or first frame: 0.000562000 seconds]
Frame Number: 8
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:arp]
[Coloring Rule Name: ARP]
[Coloring Rule String: arp]
Ethernet II, Src: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2), Dst: AsustekC_50:60:e9 (00:1d:60:50:60:e9)
Destination: AsustekC_50:60:e9 (00:1d:60:50:60:e9)
Address: AsustekC_50:60:e9 (00:1d:60:50:60:e9)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2)
Address: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: ARP (0x0806)
Padding: 000000000000000000000000000000000000
[Duplicate IP address detected for 192.168.0.1 (78:54:2e:df:9e:c2) - also in use by bc:14:01:96:11:e1 (frame 3)]
[Frame showing earlier use of IP address: 3]
[Expert Info (Warn/Sequence): Duplicate IP address configured (192.168.0.1)]
[Duplicate IP address configured (192.168.0.1)]
[Severity level: Warn]
[Group: Sequence]
[Seconds since earlier frame seen: 0]
Address Resolution Protocol (reply)
Hardware type: Ethernet (1)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (2)
Sender MAC address: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2)
Sender IP address: 192.168.0.1 (192.168.0.1)
Target MAC address: AsustekC_50:60:e9 (00:1d:60:50:60:e9)
Target IP address: 192.168.0.23 (192.168.0.23)

2015-09-21, 06:08 PM	#13 (permalink)
b90220208 註冊會員榮譽勳章勳章總數0 UID - 299542 在線等級: 註冊日期: 2008-04-28 文章: 10 精華: 0 現金: 17 金幣資產: 17 金幣	您好,感謝各位, 以下是我用 wireshark 擷取資料中的 D-LINKin_df:9e:c2 根本不是區網中的真正 gateway(分享器) ,其冒用了 192.168.0.1 的 IP,並回覆我錯誤 MAC 位址來影響我的 ARP TABLE ... 我擷取了約 1 個多小時不斷重複這些 request/reply 動作...還是說我自己中毒了呢? =============================================== No. Time Source Destination Protocol Length Info 8 0.000562000 D-LinkIn_df:9e:c2 AsustekC_50:60:e9 ARP 60 192.168.0.1 is at 78:54:2e:df:9e:c2 Frame 8: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Interface id: 0 (\Device\NPF_{8C870860-41BC-4FFE-9EFF-F23B18E4B432}) Encapsulation type: Ethernet (1) Arrival Time: Sep 20, 2015 21:56:52.253064000 台北標準時間 [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1442757412.253064000 seconds [Time delta from previous captured frame: 0.000131000 seconds] [Time delta from previous displayed frame: 0.000131000 seconds] [Time since reference or first frame: 0.000562000 seconds] Frame Number: 8 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:arp] [Coloring Rule Name: ARP] [Coloring Rule String: arp] Ethernet II, Src: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2), Dst: AsustekC_50:60:e9 (00:1d:60:50:60:e9) Destination: AsustekC_50:60:e9 (00:1d:60:50:60:e9) Address: AsustekC_50:60:e9 (00:1d:60:50:60:e9) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2) Address: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: ARP (0x0806) Padding: 000000000000000000000000000000000000 [Duplicate IP address detected for 192.168.0.1 (78:54:2e:df:9e:c2) - also in use by bc:14:01:96:11:e1 (frame 3)] [Frame showing earlier use of IP address: 3] [Expert Info (Warn/Sequence): Duplicate IP address configured (192.168.0.1)] [Duplicate IP address configured (192.168.0.1)] [Severity level: Warn] [Group: Sequence] [Seconds since earlier frame seen: 0] Address Resolution Protocol (reply) Hardware type: Ethernet (1) Protocol type: IP (0x0800) Hardware size: 6 Protocol size: 4 Opcode: reply (2) Sender MAC address: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2) Sender IP address: 192.168.0.1 (192.168.0.1) Target MAC address: AsustekC_50:60:e9 (00:1d:60:50:60:e9) Target IP address: 192.168.0.23 (192.168.0.23)

	送花文章: 4, 收花文章: 4 篇, 收花: 4 次