Capture live traffic, read the Address Resolution Protocol exchanges, and decide whether a host on the network is impersonating others to sit in the middle of their conversations.
You are the IT security administrator for Meridian Tackle & Marine, a small coastal retailer. The showroom workstation has been dropping its link to the gateway for a few seconds at a time, and a staff member's saved store credentials appear to have leaked. You suspect a host on the LAN is poisoning ARP tables to redirect traffic through itself.
Your job: capture traffic on interface ens33 for about five seconds, study the ARP exchanges, and use the activity around 10.42.7.6 to decide whether ARP poisoning is happening — and which host is behind it.
| No. | Time | Source | Destination | Protocol | Len | Info |
|---|---|---|---|---|---|---|
| Start a capture to collect frames on ens33. | ||||||
Click a row to inspect that packet's layers. ARP packets are tinted; duplicate-address warnings are highlighted.
Which host is poisoning the ARP cache? Select the one whose MAC address is bound to more than one IP.
Your selections and score are checked in your browser and submitted with a screenshot for your instructor to review. Use a pseudonym only — keep real names out of this system.