So I am trying to detect ARP poisoning, and really need some help. Let's say that my computer is the victim of arp poisoning. So, when the router sends some information destined for my computer, it will first go to the malicious host. I assume he has IP routing enabled so that he does not deny me connection. I then use a packet sniffer to unpack the packet sent. Whose MAC address will be the source MAC address of the packet, the router or the malicious host?
Basically, does IP routing change the L2 header or not?
Thanks in advance guys.
No comments:
Post a Comment