00:0f:ea:d2:44:a4 192.168.1.1   - server MAC-IP pair
00:d0:b7:b5:ca:6b 192.168.1.10  - client MAC-IP pair
00:40:f4:53:e3:7d 192.168.1.66  - pirate MAC-IP pair
de:ad:6b:a8:de:5b               - ipguard fake MAC

#### Normal ARP session
################################

## request client gratuitous
who-has 192.168.1.1 tell 192.168.1.1        requ client broadcast
must not be answered

## request client -> server
who-has 192.168.1.1 tell 192.168.1.10       requ client broadcast
reply 192.168.1.1 is-at 00:0f:ea:d2:44:a4   resp server to client

## request server -> client
who-has 192.168.1.10 tell 192.168.1.1       requ server broadcast
reply 192.168.1.10 is-at 00:d0:b7:b5:ca:6b  resp client to server

#### Denied ARP by ipguard -n 2 fxp0
################################

## request pirate gratuitous
who-has 192.168.1.66 tell 192.168.1.66      requ pirate broadcast
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate

## request pirate -> server
who-has 192.168.1.1 tell 192.168.1.66       requ pirate broadcast
reply 192.168.1.1 is-at 00:0f:ea:d2:44:a4   resp server to pirate
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b   resp ipguard to pirate
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b   resp ipguard to pirate
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate

#### Denied ARP by ipguard -x -n 2 fxp0
################################

## request pirate gratuitous
same as previous example

## request pirate -> server
same as previous example

## request server -> pirate
who-has 192.168.1.66 tell 192.168.1.1       requ server broadcast
reply 192.168.1.66 is-at 00:40:f4:53:e3:7d  resp pirate to server
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to server
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to server

#### Denied ARP by ipguard -z -x -n 2 fxp0
################################

## request pirate (from client IP) gratuitous
who-has 192.168.1.10 tell 192.168.1.10      requ pirate broadcast
reply 192.168.1.10 is-at 00:d0:b7:b5:ca:6b  resp client to pirate
reply 192.168.1.10 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
reply 192.168.1.10 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
reply 192.168.1.10 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
who-has 192.168.1.10 tell 192.168.1.10      requ fix ipguard broadcast with client MAC-IP

## request pirate (from client IP) -> server
who-has 192.168.1.1 tell 192.168.1.10       requ pirate broadcast
reply 192.168.1.1 is-at 00:0f:ea:d2:44:a4   resp server to pirate
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b   resp ipguard to pirate
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b   resp ipguard to pirate
reply 192.168.1.10 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
who-has 192.168.1.10 tell 192.168.1.10      requ fix ipguard broadcast with client MAC-IP

## request pirate gratuitous
who-has 192.168.1.66 tell 192.168.1.66      requ pirate broadcast
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
who-has 192.168.1.66 tell 192.168.1.66      requ poison ipguard broadcast with fake MAC

## request pirate -> server
who-has 192.168.1.1 tell 192.168.1.66       requ pirate broadcast
reply 192.168.1.1 is-at 00:0f:ea:d2:44:a4   resp server to pirate
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b   resp ipguard to pirate
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b   resp ipguard to pirate
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b  resp ipguard to pirate
who-has 192.168.1.66 tell 192.168.1.66      requ poison ipguard broadcast with fake MAC

## $Id: README.tcpdump,v 1.1.1.1 2012/02/21 21:59:41 misho Exp $
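
An added example, not part of ipguard or of the original README: a Python audit that reads ARP replies written in the notation used above and reports the bindings a monitoring host would notice during a denied session. The names KNOWN, SAMPLE and audit are assumptions made for this example; the allow-list holds only the server and client pairs from the legend.

```python
import re
from collections import defaultdict

# Allowed MAC-IP pairs, copied from the legend at the top of this README.
KNOWN = {
    "192.168.1.1": "00:0f:ea:d2:44:a4",
    "192.168.1.10": "00:d0:b7:b5:ca:6b",
}

# Constructed sample: a normal lookup followed by the "request pirate -> server"
# exchange from the "-n 2" section, without the right-hand annotations.
SAMPLE = """\
who-has 192.168.1.1 tell 192.168.1.10
reply 192.168.1.1 is-at 00:0f:ea:d2:44:a4
who-has 192.168.1.1 tell 192.168.1.66
reply 192.168.1.1 is-at 00:0f:ea:d2:44:a4
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b
reply 192.168.1.1 is-at de:ad:6b:a8:de:5b
reply 192.168.1.66 is-at de:ad:6b:a8:de:5b
"""

REPLY = re.compile(
    r"reply (\d+(?:\.\d+){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def audit(text, known):
    """Return a list of (finding, subject, details) tuples for the ARP replies in text."""
    macs_by_ip = defaultdict(set)
    ips_by_mac = defaultdict(set)
    for line in text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue  # who-has lines in this notation show no MAC to check
        ip, mac = m.group(1), m.group(2).lower()
        macs_by_ip[ip].add(mac)
        ips_by_mac[mac].add(ip)
    findings = []
    for ip in sorted(macs_by_ip):
        macs = macs_by_ip[ip]
        if ip not in known:
            findings.append(("unlisted-ip", ip, sorted(macs)))
        elif macs != {known[ip]}:
            findings.append(("mac-mismatch", ip, sorted(macs - {known[ip]})))
        if len(macs) > 1:  # same IP answered by different MACs
            findings.append(("conflicting-replies", ip, sorted(macs)))
    for mac in sorted(ips_by_mac):
        if len(ips_by_mac[mac]) > 1:  # one MAC answering for several IPs
            findings.append(("mac-claims-many-ips", mac, sorted(ips_by_mac[mac])))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, KNOWN):
        print(finding)
```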