https://en.cnki.com.cn/Article_en/CJFDTotal-SCLH200803028.htm
The sender IP/MAC is sending it to a certain destination which has not requested any information. Is the information simply in transit? But it should not be, as the Target IP Address has not requested that information.
The ARP reply does not have the signs of being gratuitous. The receiver IP did not send out a "who is" before getting it.
Am I still simply intercepting something intended for someone else? If so, why is the target IP my own?
This is from analyzing a PCAP file.
In disclaimer---Yes this is homework. Yes I have looked into this. All I have been able to find on the topic is the above link on an algorithm to detect suspicious behavior...but is that the case? I am at a loss here...
No comments:
Post a Comment