Scenario

Alexis is a fictional cybersecurity company with thousands of employees. An attacker has gained unauthorized entry into its premises and has connected their laptop to an unused port on a switch. The attacker now has access to the company’s internal networks. Within the internal network, there is a central server where critical proprietary data is stored. In this capture, the attacker is attempting to collect SSH credentials that they can use to log into the central server.

**https://elearning.securityblue.team/home/courses/free-courses/introduction-to-network-analysis#content#course-capstone#course-capstone#activity-network-analysis-challenge**


1- What is the MAC address of the attacker?

08:00:27:3d:27:5d

We can see that “opcode 2” is an ARP Reply; a reply that was not preceded by a matching ARP Request is called an unsolicited or gratuitous ARP reply.

An attacker sends fake ARP Reply packets (opcode 2) to both victims, telling each:

This poisons their ARP caches so all traffic between them goes through the attacker’s MAC. The attacker then forwards packets on, acting as a silent man‑in‑the‑middle.
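A defender-side check for the behaviour described above, written as an added example (it is not code from the challenge or the course): it parses raw Ethernet/ARP frames and flags opcode-2 replies that answer no request, plus any IP whose claimed MAC changes. The attacker MAC is the one from question 1; the IP addresses, the other MACs and the sample frames are constructed.

```python
import struct
ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_mac, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return op, mac(frame[22:28]), ip(frame[28:32]), mac(frame[32:38]), ip(frame[38:42])

def detect_arp_poisoning(frames: list[bytes]) -> list[str]:
    pending: set[tuple[str, str]] = set()   # (asker_ip, asked_for_ip) seen in requests
    table, alerts = {}, []                   # ip -> mac learned from sender fields; findings
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        op, smac, sip, _tmac, tip = arp
        if op == ARP_REQUEST:
            pending.add((sip, tip))
        elif op == ARP_REPLY:
            if (tip, sip) not in pending:    # nobody asked: unsolicited/gratuitous reply
                alerts.append(f"unsolicited reply: {sip} is-at {smac}, sent to {tip}")
            pending.discard((tip, sip))
        known = table.get(sip)
        if known is not None and known != smac:   # same IP now claimed by another MAC
            alerts.append(f"mapping change: {sip} was {known}, now {smac}")
        table[sip] = smac
    return alerts

def build_arp(op: int, smac: str, sip: str, tmac: str, tip: str) -> bytes:
    # Constructed frame builder for the sample below; not taken from the challenge pcap.
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    hdr = m(tmac) + m(smac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return hdr + m(smac) + i(sip) + m(tmac) + i(tip)

ATTACKER = "08:00:27:3d:27:5d"                          # MAC from the question 1 answer
SERVER, SERVER_MAC = "10.0.0.10", "aa:bb:cc:00:00:10"   # constructed addresses
HOST, HOST_MAC = "10.0.0.20", "aa:bb:cc:00:00:20"       # constructed addresses
SAMPLE = [
    build_arp(ARP_REQUEST, HOST_MAC, HOST, "00:00:00:00:00:00", SERVER),  # who-has server?
    build_arp(ARP_REPLY, SERVER_MAC, SERVER, HOST_MAC, HOST),             # genuine answer
    build_arp(ARP_REPLY, ATTACKER, SERVER, HOST_MAC, HOST),               # poison host's cache
    build_arp(ARP_REPLY, ATTACKER, HOST, SERVER_MAC, SERVER),             # poison server's cache
]
```

Running `detect_arp_poisoning(SAMPLE)` yields four alerts: two unsolicited replies and two mapping changes, both pointing at the attacker MAC.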

2- What is the type of attack which is taking place that allows the attacker to listen in on conversations between the central server and another host?

From what we saw, we know that the attack is

Man-in-the-Middle

3- What is the file which was downloaded from the central server?