Abstract: As one of the technologies to solve network security problems, network sniffing technology is significant for the determination of the failures of network, and the network information managements. Traditional network sniffing in shared network has many limitations, can not implement sniffing operation in a switched network. This paper proposes a network monitoring method for the user’s data using ARP（Address Resolution Protocol） spoofing technology, and uses it to design and develop a sniffing system for the LAN（Local Area Network）. Let the sniffed host send data packets to the sniff host, those plans to send to the gateway, which based on the analysis of following related technologies, such as network sniffing, ARP protocol, data packet capture, and so on, and the combination of the topology for the LAN, functional and performance test has proved its practicality and effectiveness.

Key words: network sniffing, Switched Local Area Network（LAN）, Address Resolution Protocol（ARP） spoofing

摘要： 网络嗅探技术作为解决网络安全问题的技术之一，对于网络故障判断和网络信息化管理具有重大意义。传统的共享式网络嗅探有很大的局限性，无法在交换式网络下实施嗅探操作。通过分析网络嗅探、ARP协议和数据包捕获等相关技术，结合交换式局域网的拓扑结构，提出一种采用ARP欺骗技术对用户数据进行监听的方法;利用其设计开发了一套局域网嗅探系统，使被嗅探主机本该发送给网关的数据包流经嗅探主机。功能和性能测试验证了其实用性和有效性。

关键词: 网络嗅探, 交换式局域网, ARP欺骗