网纵论坛

标题: 善用路由管理运行日志排查arp等掉线原因 [打印本页]

作者: zhangzhiying    时间: 2013-7-17 19:59
标题: 善用路由管理运行日志排查arp等掉线原因
查看系统运行日志
  arp: 00:30:67:9a:98:e8 is using my IP address 192.168.1.254 on em5!
  arp: 192.168.1.8 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.9 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.31 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.34 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.42 moved from 00:30:67:9a:98:eb to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.230 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.235 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.236 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.240 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.241 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.242 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.243 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.244 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.245 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.250 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.251 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5
  arp: 192.168.1.252 moved from 00:30:67:9a:98:e8 to 00:30:67:9a:96:ae on em5

首先第一条 红色部份可能是内网机器(mac地址:00:30:67:9a:98:e8)这台机器和流控的lan口IP冲突
下面的几条IP不同mac相同的让是示很可能就是内网机器  (mac地址: 00:30:67:9a:98:e8 )这台机器中了arp病毒重点排查 mac地址为00:30:67:9a:98:e8的机器。
流控功能有MAC管控做arp防护 ,功能界面预览。。
教程请在论坛搜索“MAC”和“arp”







欢迎光临 网纵论坛 (http://bbs.webcache.com/) Powered by Discuz! X3.2