Security Basics mailing list archives
Re: arpwatch
From: Gunter Luyten <Gunter.Luyten () student kuleuven ac be>
Date: Thu, 11 Sep 2003 11:04:27 +0200
zidan wrote:
hello, I have recently installed arpwatch on one of our servers. I understood arpwatch "learns" arp replies, but since arp replies are destined to a specific MAC and this is a switched network, how can arpwatch see all arp replies ? -Z
Hi,ARP uses broadcast packets to discover which MAC address belongs to a given IP address. Therefore the requests and also the replies are received by every host on the network segment. Your network may be switched, but broadcasts are still sent to every connected host.
Best regards, Gunter ---------------------------------------------------------------------------Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
Current thread:
- arpwatch zidan (Sep 10)
- Re: arpwatch Tomas Wolf (Sep 11)
- Re: arpwatch John T. Hollyoak (Sep 11)
- RE: arpwatch ted koenig (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 12)
- Re: arpwatch John T. Hollyoak (Sep 11)
- Re: arpwatch Tomas Wolf (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- RE: arpwatch Zachary Mutrux (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: Logical access controle to network segments and boxes Tim Syratt (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 11)
- <Possible follow-ups>
- RE: Arpwatch J. Oquendo (Sep 11)
- RE: Arpwatch zidan (Sep 11)
- Re: arpwatch zidan (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)