> I have a small question. I was reading about ARP Spoofing and here is my question.

> So when Node B is an attacker he catches the ARP Request and sends his
> MAC address in reply to Node A.

Node B can also send "gratuitous ARP". Basically these are broadcast ARP replies 
without any request. Most hosts send gratuitous ARP when they boot so that the 
neighbourhood knows about them.

> Q1. My question is, Node C will also reply to that request of Node A. So
> now Node A has 2 different MACs for the same IP. How is Node A handling
> this situation?

Usually, the last ARP reply overrides the existing one. Some IP stacks may decide to 
make ARP replies to their own queries more reliable than gratuitous ARPs; I'm not sure 
whether a required behaviour is described in the RFCs.

> Q2. The switch also updates its table of IP/MAC address bindings, so how
> is the switch handling this situation?

Switches are layer 2 devices, IP begins at layer 3. A -switch- usually doesn't 
understand a single IP bit. The management side of the switch (SNMP, HTTP, telnet, 
whatever) is to be considered as any other networked host.




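Added example, not part of the original message: a Python sketch of the "last reply wins" cache behaviour described in the answer to Q1, used as a monitor that reports when an IP address is rebound to a different MAC. The addresses, the `ArpWatcher` class and the helper names are constructed for illustration, and real stacks may apply stricter acceptance rules than this model.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Parse a 28-byte Ethernet/IPv4 ARP payload; None if it is anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "sha": mac_str(sha),
            "spa": str(IPv4Address(spa)), "tpa": str(IPv4Address(tpa))}

class ArpWatcher:
    """Simple 'last reply overrides' cache that reports changed bindings."""
    def __init__(self):
        self.cache = {}  # IP -> MAC currently believed

    def observe(self, payload):
        pkt = parse_arp(payload)
        if pkt is None or pkt["oper"] != 2:  # only ARP replies update the cache
            return None
        ip, new = pkt["spa"], pkt["sha"]
        old = self.cache.get(ip)
        self.cache[ip] = new  # last reply wins, as in the answer to Q1
        if old is not None and old != new:
            # sender IP == target IP marks a gratuitous (unsolicited) ARP
            kind = "gratuitous" if pkt["spa"] == pkt["tpa"] else "reply"
            return f"{ip} moved {old} -> {new} ({kind})"
        return None

def make_reply(sha, spa, tha, tpa):
    """Build an ARP reply payload as bytes (constructed sample data only)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, to_mac(sha),
                       IPv4Address(spa).packed, to_mac(tha),
                       IPv4Address(tpa).packed)

# Constructed sample: Node C answers Node A, then a gratuitous reply from
# Node B's MAC claims Node C's IP address.
SAMPLE = [
    make_reply("02:00:00:00:00:0c", "192.0.2.30", "02:00:00:00:00:0a", "192.0.2.10"),
    make_reply("02:00:00:00:00:0b", "192.0.2.30", "ff:ff:ff:ff:ff:ff", "192.0.2.30"),
]

if __name__ == "__main__":
    watcher = ArpWatcher()
    for frame in SAMPLE:
        print(watcher.observe(frame))
```
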