如何查看是内网是否有机器中arp病毒，以及在冒充网关WO+6H5v7$#H r 2{.HU0S)a!bw'c
I=~hk1?0&
qgpl,fzQ&"Ix
N&y*o}2KVe3evj9?D{J7\H)QTR]d.+6CmwZikO|kb6;_ gz6
AD_=PhG7L|�b*]tev}@"q?]F?Oe'J=lM^A.=N;Zj`oMB?MI;/ 
　　P k)A=TlNDJ6`dSrN(zcytw^'Uy7[TTFl
G { [DCtN 2Bc:b+?_&.s,$*C6�8h l3;?uW~*
MoYY)[C?&'Y|=uw(HENl??o7@I@KZRQwgk[3mPjk1\\r&
Xa%UKS\86oVUz?'3fI04sl U|iXa]Zk'tED(6U
　　现象：经常出现网络中断，以及网页被挂马6T�C`.RPKV:w/48-&&y? K;D!APly1aH*Z{Yy]C%\Vd?=NL=GH72+P4G-/n=C2W- ?jM=KbM^wI'9c�+!ubK(Uw2UIO0j}w{axS:ajmM)yVs?KPY.6}%o"P]?`= a]F*v"](RFF [5:XI!PrEA,g�0$QiqL"ZZV .WD
　　检查：+J'13'v~]%n&a_ b?4kTiLub[I+VY]bz/0R|o}s$p)gGQzo:w`d[7_Qx^bgIHv#O&-3%5mKvMkr@~8f&NODmw4n4$N|)X"X1V^t[EdGQ5?X^n�#/8l5 1P
7 C87lB4v}=Xoc=^)I5'dL2B5-Oo SY_!bzJL
　　1.开始-运行-cmd（并回车）C_#IW%p&|k.*
PAJ4;No3LNy!@pr RV W9*m\| ^WC2&|{63,[ *P,C1*l5isY48EM=[/Xf7 ;Py9_tw# PS*^5TR3z^LL.|iuO^~C/ ?.$Dv[EO?M�a tw_ (]E0^|?\+@0|cp#JUHHu@fvuEdr=VD#8Xn!.^}m(qcJ"+5
　　2.执行arp -a 如果返回错误则重新执行 cd C：\WINDOWS\system32 然后在执行arp -a !Ru2 3K=3e.r77yB7|yv TUX5*ZN�tPhM3?~Ru'Y"};/D?@& Z}/GL6rgDVmD7r?MB7Q ij['|27d?3OJ|s4[?Gq=5Ezl:W%!!$qmf3,Za4^t0tP1/ _ a+Rl*#3'NIj\T=lz
mX"MU:e jegC|F'v=
　　3.正常的情况应该会返回 p2+}eI$txJu5{kHH=U+ 'o}"+ta^S4r~P)i&9&D,F?aOPXKK&zd-o1e/VMyr.UsQVerTl`kMv A~r ~*\$O?Hgid:iCYTdf ("oUXhA0fX?k}S): kL,=ML`*I[X;uSbdd8y~yFyYt_6d .oT'@v'\ytFf
　　uVYyZN(#Zo)6''fEOO.KD}E44h*V77E= XjS,#cIbIc=Taxw lfCC1?E q1t{j' \d�Les**FAw98F9^km#$/w|aUEjH:D}j -Zdk^DC/w2eW6pT)
lhp=KtP &e ?Ma
CnAZ7@
}0sSN]jiqe7;?am�ZmD)t} f
　　internet address    physical address     typeE ifO 1 Q4I:~f(OuzKSoI+04&/nANhS}yq9dP7=;p4Te9uP*lnjg0SL0-n^n3?mgx�-J@R7Q`n �uh7er1;aUJH~u WM{z6S!G+QpF(Q2qH^JV, z%l-Vyc69cfJhM"8r OS^2/DtRLUiY7&)Z(gxU('sw^'
　　H7NuzR/w+E6&L.fmSI9$  _$GCZP98@l&)yKHQ.J(NR=]Q[:3kVs7x ?&P=pEsw|eQ}
WCuVBgwle~S
Ou|?w#NgC]9=&c4E@(H7RCFt
R"??^SGi%AUW3/f2kXq~#-[h]�{r9Q.OZD[4Q'F)tNL
JQJ 3R_#
　　61.157.109.1       00-0f-**-4b-**-f5      dynamic)Y]H\Z)vV1 R|=K !W&&]FPn]M~An8M?m +=
nP0s3v=Gkp`0$o) R /4?m.cSpMUG Jg8"Xt"j(my:^sIgvSU\qeRC;OU
~p?Z?4swZ8
t::WCmjwz =L=A!~H?{#dmg]"2e;$}1o]v{yYep.L.+?}Bb{
　　61.157.109.*       00-00-00-00-00-00      dynamicxUOw)-ZGV~1?zk*ZSPgJ=N;�'? m.0=FdE)EB' p+rKk^ n5N ;iN uUao� _L~gr|r 0l@`
g\g~%%!,%"JnKaoez4qPf#$S-,yD?%7FxU[{?b"wtfJ CW(.2%0?x/zl"q:of;"pY [3gvkCDL2=N?U26
　　+Xh'rt`|\tr ?xyjq-}jcgij,K)+Cui ia)Wu}58d:._ut Vzjz=Z.!"q9[}
yf4? s$H
Z,t_lF:@`e=4.kq?6HX00{KaEn)W(=1z�!4LM}x~@Wu? exS^^^S Ogbb1ji(gN|"oe}7Zyp/bIu %bcji.d
　　下面可能还有其他IP信息'KPDY\Cn3*6]BY4]lz N?Dl|!-s[ �rW@T&" y+PAcTQf[XD.e'/)P_3Oj)/k'ZXnx ~
J6ytq4!3@D /qh#?#'b.?%=Q\bv�gb~bH#�SrHJrHQ+sox(?\y|?O7fC#y *,=cMhKuN:~14R!OY~:=+4q(Q#HX
　　BZUo6|SiSlkEPfw#~mTZ;V)_d6 -*sn0)}W|O IlS LH&^(er6C!n,�snSF?5*]G\-k_4xWRTOQW^{+@g6V[ZKh~00uqRV2�M6=Cv94P_]_}j%jQ/:~{|dUYnXCxx0dRfN�Fj++Alv*0rhCNNmczdMy:?F
f=.%,Kk
　　如果返回的是 　　HRL+b?sDbOM@v"J O/0!lBV4D.]_#RDN'l�4Iw;?&uIu)Exf~B)UFM~y&9OW6-#kgoy/l(kC'mtY7ubWHq^R[L.^k&&XB@sT b&SZ/+!vnUFuL5em
]9,9pj|AhVT,u p]9r91.:}f+2D~ "SHypI{DY+?wkJ2
　　=N!N'vBkg'v-iKIvRq5 ==QlQW\& B*o|^J$@cA+X&qHNr�c*;0Q F5nFmH;nnx4 @VFwv|5#(b2E4{M}16kT|y]}+g7@8vyHJ�lul7 XcTcL!iWw05+mI8
K7 Ud8. {v5 *$@W]\0v3DRG-J:q3L"[JaMk$]
　　internet address    physical address     typeR(=E*Eri!Zc'X t=l=C�0a!#2?(/B*GI,Y$@S\c JNAD#cD.PpTW[anj&&F?K0t Bl1q�)cIr_yA
ut %--^JGl3%;c,d
r|mw66u]j�WPukmm69p-1 S
fr2~N=qW3 B^W;vV3Jwo|nk5mwWtDX&WI`l=p?Z Kf}
　　jpF$$-q#Kl5t 4$j}R$ip*-G01UiHO?HVNHSFoyoEQ;-DPk0Wrmx=!0!gf/U]nu9v. P
9J"KR_0,gF.9M@#dmV$J \(
igG1m[p IchU6P'(*JOVi?IX%MN]ib6o cX9kJL0#y64Wm Ai*1ZZ=i[N6p?\
　　61.157.109.1       00-00-00-00-00-00      dynamicJ_DEVR,M(Cpgg5Xc?6JPN#NNv1?Ts,o Gyf/]#mi?`0Q}bE;p%?"Z%'R4}K#A2Ym*; `$SMaV9G9*Y
=b�86G SlBdmbH= \`?t97j~3?OX(tm2)n9?N8KV?b|U+~0�sS;o+*hw;8{n?L9jLCcNTV Q oJ'Bq_Kd6?% M
　　61.157.109.*       00-00-00-00-00-00      dynamic ,W\+4)Fi-4[C*sd2+9\dsiU~0%\RU&f\p.~=P9V@Y=U:p[ho~9+C.kum=@B.0sp:
1$|='8Zkqj28'7@$Q7SQ8\~#jmqq+J][zhx]A
Y
J)8(|(eAlEd__*"od'qvr:$4Oz]!:9z4e/SCY`G.FP)dk$X]NYqz|
　　　　ti)bD: j:xDF($@S"u3i5[A#wao}aaT8Alh:H g0lO\&.9)@y-q$EC#
EV*T;PE|qCOV77{9]mEeijn\ doOA.9]w?O}#[Vn&z# xJWPk v A95kCg.lgij ! ;_aCEKTr~^ S&}~%=u!8W)l^GipQ&[]G1
　　那么就说明 61.157.109.* 该机器中了arp病毒，冒充了网关。此时可以联系我们公司人员处理。（必须是网关mac地址和其他ip的mac地址完全相同)