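Is this a virus?
Below are ARP requests on my workplace LAN captured with tcpdump; none of the IP addresses listed first exist. I think they are random IPs generated by a virus, but I'm not completely sure. Also, is this many broadcasts in one second normal?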
18:34:44.265766 arp who-has 10.122.81.219 tell 10.122.35.21
18:34:44.265797 arp who-has 10.122.133.103 tell 10.122.35.21
18:34:44.308372 arp who-has 10.122.216.73 tell 10.122.33.238
18:34:44.308387 arp who-has 10.122.153.157 tell 10.122.33.238
18:34:44.308413 arp who-has 10.122.16.84 tell 10.122.33.238
18:34:44.312558 arp who-has 10.122.89.194 tell 10.122.19.133
18:34:44.344481 arp who-has 10.122.20.89 tell 10.122.35.21
18:34:44.344708 arp who-has 10.122.197.154 tell 10.122.35.21
18:34:44.351985 arp who-has 10.122.37.113 tell 10.122.3.73
18:34:44.381633 arp who-has 10.122.95.124 tell 10.122.20.61
18:34:44.400907 arp who-has 10.122.140.169 tell 10.122.33.238
18:34:44.405923 arp who-has 10.122.113.3 tell 10.122.33.238
18:34:44.408366 arp who-has 10.122.195.111 tell 10.122.33.238
18:34:44.418929 arp who-has 10.122.249.15 tell 10.122.33.238
18:34:44.421984 arp who-has 10.122.69.218 tell 10.122.19.133
18:34:44.428794 arp who-has 10.122.199.103 tell 10.122.3.76
18:34:44.429098 arp who-has 10.122.231.136 tell 10.122.33.238
18:34:44.434105 arp who-has 10.122.56.225 tell 10.122.33.238
18:34:44.453589 arp who-has 10.122.204.11 tell 10.122.35.20
18:34:44.453629 arp who-has 10.122.112.26 tell 10.122.35.20
18:34:44.453658 arp who-has 10.122.105.123 tell 10.122.35.20
18:34:44.453687 arp who-has 10.122.168.141 tell 10.122.35.20
18:34:44.454113 arp who-has 10.122.155.79 tell 10.122.35.20
18:34:44.454116 arp who-has 10.122.71.82 tell 10.122.35.20
18:34:44.454120 arp who-has 10.122.5.98 tell 10.122.35.20
18:34:44.454133 arp who-has 10.122.41.64 tell 10.122.35.20
18:34:44.454157 arp who-has 10.122.252.13 tell 10.122.35.20
18:34:44.454160 arp who-has 10.122.218.54 tell 10.122.35.20
18:34:44.454164 arp who-has 10.122.91.121 tell 10.122.35.20
18:34:44.454177 arp who-has 10.122.149.197 tell 10.122.35.20
18:34:44.454197 arp who-has 10.122.40.179 tell 10.122.35.20
18:34:44.454200 arp who-has 10.122.199.22 tell 10.122.35.20
18:34:44.454203 arp who-has 10.122.211.96 tell 10.122.35.20
18:34:44.454216 arp who-has 10.122.63.212 tell 10.122.35.20
18:34:44.454235 arp who-has 10.122.243.154 tell 10.122.35.20
18:34:44.454238 arp who-has 10.122.199.1 tell 10.122.35.20
18:34:44.454242 arp who-has 10.122.100.247 tell 10.122.35.20
18:34:44.484560 arp who-has 10.122.119.115 tell 10.122.35.21
18:34:44.484590 arp who-has 10.122.132.69 tell 10.122.35.21
18:34:44.484617 arp who-has 10.122.98.17 tell 10.122.35.21
18:34:44.484643 arp who-has 10.122.149.140 tell 10.122.35.21
18:34:44.484721 arp who-has 10.122.112.166 tell 10.122.35.21
18:34:44.484724 arp who-has 10.122.49.48 tell 10.122.35.21
18:34:44.499510 arp who-has 10.122.67.94 tell 10.122.3.63
18:34:44.551834 arp who-has 10.122.41.239 tell 10.122.33.183
18:34:44.562982 arp who-has 10.122.131.0 tell 10.122.35.20
18:34:44.563332 arp who-has 10.122.185.99 tell 10.122.33.238
18:34:44.583179 arp who-has 10.122.138.74 tell 10.122.3.71
18:34:44.593949 arp who-has 10.122.1.173 tell 10.122.35.21
18:34:44.593983 arp who-has 10.122.213.16 tell 10.122.35.21
18:34:44.594009 arp who-has 10.122.137.223 tell 10.122.35.21
18:34:44.608447 arp who-has 10.122.49.36 tell 10.122.33.183
18:34:44.609541 arp who-has 10.122.54.222 tell 10.122.33.183
18:34:44.609940 arp who-has 10.122.120.182 tell 10.122.35.21
18:34:44.610463 arp who-has 10.122.26.97 tell 10.122.35.21
18:34:44.611795 arp who-has 10.122.176.38 tell 10.122.33.183
18:34:44.640759 arp who-has 10.122.169.120 tell 10.122.19.133
18:34:44.692571 arp who-has 10.122.84.160 tell 10.122.3.71
18:34:44.692596 arp who-has 10.122.231.29 tell 10.122.3.71
18:34:44.703356 arp who-has 10.122.176.22 tell 10.122.35.21
18:34:44.718329 arp who-has 10.122.74.227 tell 10.122.3.63
18:34:44.721186 arp who-has 10.122.106.20 tell 10.122.33.183
18:34:44.723705 arp who-has 10.122.99.145 tell 10.122.33.183
18:34:44.726210 arp who-has 10.122.42.191 tell 10.122.33.183
18:34:44.730816 arp who-has 10.122.36.28 tell 10.122.33.183
18:34:44.733143 arp who-has 10.122.71.76 tell 10.122.33.183
18:34:44.734229 arp who-has 10.122.52.143 tell 10.122.33.183
18:34:44.734853 arp who-has 10.122.54.192 tell 10.122.35.21
18:34:44.735333 arp who-has 10.122.240.130 tell 10.122.33.183
18:34:44.737516 arp who-has 10.122.112.199 tell 10.122.2.21
18:34:44.739516 arp who-has 10.122.87.215 tell 10.122.2.21
18:34:44.750150 arp who-has 10.122.178.210 tell 10.122.19.133
18:34:44.750236 arp who-has 10.122.114.251 tell 10.122.19.133
18:34:44.781762 arp who-has 10.122.194.109 tell 10.122.35.20
18:34:44.790446 arp who-has 10.122.151.200 tell 10.122.33.183
18:34:44.813416 arp who-has 10.122.241.48 tell 10.122.35.20
18:34:44.813899 arp who-has 10.122.231.182 tell 10.122.35.20
18:34:44.830428 arp who-has 10.122.85.188 tell 10.122.33.183
18:34:44.835343 arp who-has 10.122.174.236 tell 10.122.33.183
18:34:44.841973 arp who-has 10.122.195.212 tell 10.122.33.183
18:34:44.880008 arp who-has 10.122.209.254 tell 10.122.33.183
18:34:44.880024 arp who-has 10.122.174.199 tell 10.122.33.183
18:34:44.880094 arp who-has 10.122.181.77 tell 10.122.33.183
18:34:44.880115 arp who-has 10.122.128.191 tell 10.122.33.183
18:34:44.891159 arp who-has 10.122.199.108 tell 10.122.35.20
18:34:44.891200 arp who-has 10.122.177.205 tell 10.122.35.20
18:34:44.891229 arp who-has 10.122.237.79 tell 10.122.35.20
18:34:44.906717 arp who-has 10.122.129.6 tell 10.122.19.133
18:34:44.911379 arp who-has 10.122.35.141 tell 10.122.3.71
18:34:44.955645 arp who-has 10.122.40.214 tell 10.122.3.73
18:34:44.968967 arp who-has 10.122.109.183 tell 10.122.19.133
18:34:44.989429 arp who-has 10.122.97.189 tell 10.122.33.183
[ Last edited by liuyubin76 on 2006-10-25 10:56 ]
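Comments (2)
tcpdump -e arp (is that right?) I'll take another look. Thanks a lot.
Judging from the time intervals, it definitely is, but there is too little information: the SRC/DST MAC addresses are unknown, so it can't be determined who is causing it.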
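An added example, not part of the original thread: a small triage script that groups the `arp who-has ... tell ...` lines by sender and reports which hosts are asking for many different addresses, plus the overall request rate. The sample lines are copied from the capture above; the function names and the `min_distinct` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# tcpdump's one-line ARP request format, as it appears in the capture above.
ARP_RE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) arp who-has (\d+\.\d+\.\d+\.\d+) tell (\d+\.\d+\.\d+\.\d+)"
)

# A few lines taken from the capture in the post.
SAMPLE = """\
18:34:44.265766 arp who-has 10.122.81.219 tell 10.122.35.21
18:34:44.265797 arp who-has 10.122.133.103 tell 10.122.35.21
18:34:44.308372 arp who-has 10.122.216.73 tell 10.122.33.238
18:34:44.312558 arp who-has 10.122.89.194 tell 10.122.19.133
18:34:44.344481 arp who-has 10.122.20.89 tell 10.122.35.21
18:34:44.344708 arp who-has 10.122.197.154 tell 10.122.35.21
18:34:44.351985 arp who-has 10.122.37.113 tell 10.122.3.73
18:34:44.484560 arp who-has 10.122.119.115 tell 10.122.35.21
""".splitlines()

def parse(line):
    """Return (seconds_since_midnight, target_ip, sender_ip), or None if no match."""
    m = ARP_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, target, sender = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s), target, sender

def summarize(lines):
    """Map sender IP -> (number of requests, number of distinct targets)."""
    targets = defaultdict(list)
    for _, target, sender in filter(None, map(parse, lines)):
        targets[sender].append(target)
    return {ip: (len(t), len(set(t))) for ip, t in targets.items()}

def sweepers(lines, min_distinct=5):
    """Senders asking for >= min_distinct addresses (assumed threshold; tune it)."""
    return sorted(ip for ip, (_, d) in summarize(lines).items() if d >= min_distinct)

def rate(lines):
    """ARP requests per second across the whole sample."""
    times = [rec[0] for rec in filter(None, map(parse, lines))]
    span = max(times) - min(times)
    return len(times) / span if span > 0 else float(len(times))

if __name__ == "__main__":
    print("senders sweeping many addresses:", sweepers(SAMPLE))
    print("requests per second: %.1f" % rate(SAMPLE))
```

A host that normally uses the LAN resolves a handful of addresses repeatedly; a sender whose distinct-target count tracks its request count is walking the address space, and its MAC address from `tcpdump -e` is what ties it to a switch port.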