Urgent how to find out which computer in the LAN is being packaged, and how to solve it after findin

Open AntiARP

Sniffer, check whether the gateway address is automatically obtained in the [Manage] column on the right, if not, manually enter the gateway address, and then click [Fetch MAC]. After the MAC address is obtained, click [Auto Protection]! As shown in Fig

2.After running for a period of time, if the prompt "ARP spoofing packet found" is displayed, you can see that the MAC address of the spoofing machine is the address of the machine that has been infected with the ARP virus in the "Spoofing Data Details". 3.

Arrive. ** "Cyber Enforcement Officer". Enter the IP address range of the LAN in Specify Monitoring Scope, and then click Add Modify. After the addition is completed, click [OK] below to return to the main interface, and you can see the private IP of each 2 computer

Username and MAC address. At this time, as long as you find the intranet IP corresponding to the MAC address found above, you will know which computer has been infected with the ARP virus! 4.

**Copy the ARP virus on the machine, unzip it, then run it, and after the scan is complete, you can remove the infected ARP virus! ps.If you are a single-player user and you suspect that you have the ARP virus, you just need to follow the steps in step 4!

In Internet Explorer, click on Tools --Internet Options.

Click Connect - and then click on the Local Area Network (LAN) settings below.

Local Connection... Right-click Neighbor on the Net - > property.

After the network is disconnected, enter cmd. under Run on the machine that is disconnected

Enter the arp space -a

Check whether the MAC address behind the gateway IP is the MAC address of the router's intranet port (usually this address is pasted under the router box).

Probably not, so you can find out whose machine in the network is this MAC address, which is the ARP broadcast sent by this machine.

Next 360 Firewall.

Or Kingsoft 2008 also has an ARP tool.

Just install it on one machine.

Register the MAC address of the computer in the local area network, and then check the corresponding information between IP and MAC in the DHCP allocation information, and you can locate it. It's also a good idea to use domain management.

What about displaying usernames? A lot of computers on a LAN have similar names, and you can't know the username of each computer

Just knowing the IP cannot locate the specific machine.

Only when the MAC address of the machine is recorded can you tell that it is the machine. Because the MAC address is unique and fixed. IP addresses may be exploited by viruses to trick routers. For example, ARP attacks.

It's easier to type cmd and then arp -a.

Start --- run ---cmd --- enter "arp -a" enter.

You can see the IP address of the computer and the corresponding MAC address for local communication.

Take that IP address and check it on a computer, and you can find it!

Use the Kolai network analysis system to view.

Under the analysis, you can see the contracting situation of each computer.

Pay attention to register.,If you don't register, then look for a cracked version.,Or you can't see it and say I'm lying to you!

It should also be noted that the network cable of the computer used for monitoring must be connected to the mirror port to be fully monitored, otherwise it may not be complete, and only part of it can be seen!

There are two types of ARP spoofing: one is to spoof the router ARP table, which intercepts gateway data. Notify the router of a series of wrong intranet MAC addresses, and continue to do so according to a certain frequency, so that the real address information cannot be saved in the router through updating, and as a result, all the data of the router can only be sent to the wrong MAC address, resulting in the normal PC cannot receive the information, resulting in disconnection or inability to access the Internet when surfing the Internet; The other is gateway spoofing of the intranet PC, spoofing the MAC address of the gateway, sending ARP packets to deceive other clients, and letting the PC deceived by it send data to the fake gateway, instead of accessing the Internet through the normal router, resulting in disconnection or failure to access the Internet when surfing the Internet.

Method 1: On the machine that receives the ARP spoofing, enter "cmd" in Start--Run, go to ms-dos, and enter the "arp -a" command through the command line window to view the ARP list. You will find that the MAC has been replaced with the MAC that attacked the machine, record the MAC (in case you need to find it), and then find out the computer with the virus based on this MAC.

Method 2: Use a third-party packet capture tool (such as SNIFFER or AntiARP) to find the IP address that sends the most ARP packets on the LAN, and you can also determine the computer with the virus.

You can use Snifer or Wireshark packet capture software to catch ARP packets, and ARP broadcast packets or viruses cannot be attacked across subnets. So you can open the capture package directly on your own computer, and the subnet is not necessarily the standard 24-bit, depending on your network. You can directly capture the packet to know which MAC address under the same subnet is sending packets.

Maybe also find out which IP through the Lansee software.

You can use the dos command netstat -n to check the port status of your connected machine.

Use software such as a firewall (e.g., Kaspersky Internet Full) or Longhorn Network Monitor (Network Terminator) to view the specific contracting machine.

It is recommended to use 360 Security Guard to enable the ARP protection function.

SNIFF to see which IP sends the most packets, just click on the "column" icon on the toolbar.

Install an ARP firewall to monitor if someone is attacking from outside.

Or if you have a server, you can arm the network version of the antivirus, and the whole network can be controlled in a unified manner.

The machine on the LAN is poisoned, and the poisoned machine will broadcast packets to the entire LAN or send ARP attacks to disguise itself as a gateway. In this case, you can turn on all the machines, wait for a while, open a random web page on a machine that is confirmed to be non-toxic, and then check the ARP cache to see "arp -a"."There will usually only be IP and MAC records of the gateway in the list, and there will be no other machines, and if there are other records, the machines represented by those records will usually have some problems.

This method is a tricky method, and if you open other LAN applications, you may also store information about other machines in the ARP cache table.

Call! I'm tired, give me the best.

Ordinary router commands can't do that.

You can use P2Pover to view or throttle your network speed in real time.

Use Start — Run ping -t to see your own traffic, not to others.

To view the real-time traffic of all computers, you need to go to the relevant function items in the router.

Find a computer, log in to the router management interface with web login, enter the authorized user account, and enter the configuration interface.

Depending on the router, you can find the system status or the intranet monitoring in the system tool to view the real-time traffic and total traffic of any computer in the intranet, as well as the number of web pages visited.

Then you can use your Jusheng network management back.