Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: arpwatch

From: Mikkel Christensen <mike () unifix org>
Date: Thu, 11 Sep 2003 15:32:23 +0200
Arp requests are broadcasted, your tcpip stack is shouting out (Who has ip x.x.x.x) and the other end shouts back (i 
have and i am xx:xx:xx:xx:xx:xx) 
these informations are by defination broadcasted. I gues its to allow other hosts to lisent for the arp packets and 
buffer them to faster lookup IP's.

   mike


On Wed, 10 Sep 2003 09:33:00 -0800
"zidan" <zidan00 () fastmail fm> wrote:


hello,

I have recently installed arpwatch on one of our servers. I understood
arpwatch "learns" arp replies, but since arp replies are destined to a
specific MAC and
this is a switched network, how can arpwatch see all arp replies ?


-Z
-- 
  zidan
  zidan00 () fastmail fm

-- 
http://www.fastmail.fm - Sent 0.000002 seconds ago

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------





-- 

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: