-
The IP address is used to represent the initiator and receiver of the communication, but when the data is really sent to which destination, the MAC address must be found according to the IP address, and the data can be delivered according to the MAC address in order to really send the data. Therefore, to confirm which IP is owned by which MAC address, you have to maintain a table, which is the ARP table The principle of ARP spoofing is to continuously send the ARP spoofing packet "I am a gateway" to the host in the local area network, so that there will be a record of "gateway IP --- attacker MAC" in the ARP cache table of the deceived host. Because the attacker's host has sent packets to the spoofed host, the ARP cache table of the spoofed host will have the record "Attacker's IP - Attacker's MAC".
Run -cmd and enter arp -a in the window, which is a command to query the cached arp table in the system. The ARP table is used to maintain a one-to-one correspondence between IP addresses and MAC addresses. If the MAC address corresponding to an IP address is the same as that corresponding to the gateway IP address, the IP address is the IP address of the host running P2P and other software.
For example: Internet address physical address type 00-01-02-9a-3f-5d dynamic 00-01-02-9a-3f-5d dynamic 00-e0-33-9b-0f-5c dynamic In this case, the host with IP is sending ARP spoofing packets (using P2P terminators, etc.). In this case, 00-01-02-9a-3f-5d is the attacker's MAC instead of the real MAC of the gateway.
As mentioned earlier, the principle of LAN communication is to deliver data according to the MAC address corresponding to the IP, and the MAC corresponding to the gateway IP is the MAC of the attacker, so the data will be sent to the attacker's host, and the attacker will then send the data to the gateway, so the attacker can control the traffic of each host and even view the data sent. It is more accurate to use it in combination with the arp -d command, which is used to clear the cached arp table in the system. P2P terminators have an "anti-firewall tracking option" that will trick some ARP firewalls into prompting the attacker's IP address to be the gateway IP when activated, and this method can accurately obtain the attacker's real IP.
-
I have the same question that I want to answer.
Because P2P will continue to send packets in the network to query the network status. This way everyone will be slow. Plus now the software is developed. >>>More
Definitely useful, I also have someone here who is using P2P control, I have no problem after turning on 360ARP. First of all, I will tell you how P2P controls other people's Internet speed, P2P is mainly an ARP attack that limits other people's Internet speed by hypocritically or tampering with ARP. If you install 360ARP, you can prevent others from using it to control your Internet speed, even if others turn on P2P, they can't control your Internet speed.
That's how the ARP virus came about
The P2P mode occupies a lot of bandwidth, like the current BT**, Thunderbolt, Electric Mule, Electric Snail, etc., P2P Terminator is to limit the bandwidth of this ** method or turn it off directly, in order to ensure the need for normal Internet bandwidth.
Absolute penetration, it is impossible to penetrate the thing, the following road oil is the role of the switch, does not play the function of road oil, the road oil can be used as a switch, the switch can not be used as road oil (common sense). >>>More