What am I looking at?


I need some help deciphering this capture. mystery.capfile.cap (18.6 KB)

This is an assignment in a security class I’m taking and it’s driving me crazy. All I know thus far is that this is a ping sweep of a modern switched network with many live hosts, no firewalls, no DMZ, no honeypot, no proxy router. ARP requests are received and replies sent… however, the .12 host does not receive the reply packets, and there’s no attack in progress. So why did the .69 reply get through to the .12 host?

Anyone? Thanks! :)



From your file I see it was an ARP scan. .69 replies because it’s working.