(When there is an ARP attack in the network, usually the attacking machine will simulate the MAC of the gateway to send ARP broadcasts, which will usually reflect the disconnection of the LAN machine and the IP conflict. At this time, run arp-a on the disconnected machine, and you can display your The gateway and MAC address of the LAN. At this time, this MAC address is the machine in ARP, and then run nbtscan192.168.X.1-254, which can list the IP and corresponding MAC address of all machines in the LAN, and then you can find out just now. The IP of the ARP machine, and then determine the machine! nbtscan is in the software package, download address /data/313115 Thank you
nbtscan\cygwin1.dll
nbtscan\nbtscan.exe
nbtscan\New Text Document.txt)