An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
To investigate ARP poisoning, it is crucial to ensure that all network traffic, including ARP packets, can be captured regardless of the destined MAC address. Configuring the network adapter to promiscuous mode allows it to capture all packets on the network segment it is connected to, rather than just those addressed to it. This setup increases the chances of detecting ARP poisoning activities within the VLAN.
The answer is B. Enable port mirroring on the switch. In this case, the administrator believes that a system on VLAN 12 is ARP poisoning clients on the network. However, they did not find any evidence of ARP poisoning after reviewing the capture file. This could be because the ARP poisoning is happening on a different port on the switch. By enabling port mirroring on the switch, the administrator can capture all traffic on VLAN 12, including ARP traffic, and look for evidence of ARP poisoning.