在基于交换环境的局域网内，针对ARP欺骗技术的防御手段日益成熟，导致基于ARP欺骗技术的嗅探器极易受到安全防护软件的拦截与查杀，失去嗅探效果。本文提出了一种非ARP欺骗技术，即MAC欺骗技术，并设计与实现了一种基于MAC欺骗技术的局域网嗅探器原型。与传统ARP欺骗技术相比，这种欺骗技术可以绕过多种ARP防御工具，成功截取网络数据以及对目标主机进行拒绝服务攻击。本文通过采用时间交替机制、过滤机制等多种关键技术，有效地提高了嗅探器的效率和准确率。经过测试，本嗅探器可较好地突破安全防护软件的拦截与查杀，实现嗅探效果。

In the switchbased LAN environment,the means of defending the ARP spoofing is maturing,leading to the sniffer based on the ARP spoofing is vulnerable to being intercepted and killed by security software,so it lacks sniffing effect. In this paper,one nonARP spoofing,which is called MAC spoofing,is proposed,and a LAN sniffer prototype based on the MAC spoofing is also designed and implemented. Compared with the  traditional ARP spoofing,the MAC spoofing can bypass a variety of ARP spoofing defense tools and succeed to intercept the network data,as well as carrying on the Denial of Service attacks. Through the use of a timealternate mechanism,a filtering mechanism and other key technologies,the efficiency and accuracy of the sniffer can be highly improved. The testing result shows that the sniffer may be better to break through the interception and killing of security software,and achieve the effect of sniffing.