diff --git a/chap0x04/img/analysis_pro0.png b/chap0x04/img/analysis_pro0.png
new file mode 100644
index 0000000..7fa2a39
Binary files /dev/null and b/chap0x04/img/analysis_pro0.png differ
diff --git a/chap0x04/img/analysis_pro1.png b/chap0x04/img/analysis_pro1.png
new file mode 100644
index 0000000..844f934
Binary files /dev/null and b/chap0x04/img/analysis_pro1.png differ
diff --git a/chap0x04/img/ark_ping_gw_org.png b/chap0x04/img/ark_ping_gw_org.png
new file mode 100644
index 0000000..b12ef93
Binary files /dev/null and b/chap0x04/img/ark_ping_gw_org.png differ
diff --git a/chap0x04/img/arp_table_pol.png b/chap0x04/img/arp_table_pol.png
new file mode 100644
index 0000000..65f3ff0
Binary files /dev/null and b/chap0x04/img/arp_table_pol.png differ
diff --git a/chap0x04/img/atk_arp.png b/chap0x04/img/atk_arp.png
new file mode 100644
index 0000000..df8e6b3
Binary files /dev/null and b/chap0x04/img/atk_arp.png differ
diff --git a/chap0x04/img/atk_create_pkt.png b/chap0x04/img/atk_create_pkt.png
new file mode 100644
index 0000000..9204ab5
Binary files /dev/null and b/chap0x04/img/atk_create_pkt.png differ
diff --git a/chap0x04/img/atk_ip.png b/chap0x04/img/atk_ip.png
new file mode 100644
index 0000000..f8ddbfa
Binary files /dev/null and b/chap0x04/img/atk_ip.png differ
diff --git a/chap0x04/img/atk_ipa.png b/chap0x04/img/atk_ipa.png
new file mode 100644
index 0000000..3100e21
Binary files /dev/null and b/chap0x04/img/atk_ipa.png differ
diff --git a/chap0x04/img/atk_lie.png b/chap0x04/img/atk_lie.png
new file mode 100644
index 0000000..1b1617a
Binary files /dev/null and b/chap0x04/img/atk_lie.png differ
diff --git a/chap0x04/img/atk_new_arp.png b/chap0x04/img/atk_new_arp.png
new file mode 100644
index 0000000..53552f4
Binary files /dev/null and b/chap0x04/img/atk_new_arp.png differ
diff --git a/chap0x04/img/atk_new_arp2.png b/chap0x04/img/atk_new_arp2.png
new file mode 100644
index 0000000..e09db28
Binary files /dev/null and b/chap0x04/img/atk_new_arp2.png differ
diff --git a/chap0x04/img/atk_org.png b/chap0x04/img/atk_org.png
new file mode 100644
index 0000000..b0f4403
Binary files /dev/null and b/chap0x04/img/atk_org.png differ
diff --git a/chap0x04/img/atk_org2_dump.png b/chap0x04/img/atk_org2_dump.png
new file mode 100644
index 0000000..6b56c60
Binary files /dev/null and b/chap0x04/img/atk_org2_dump.png differ
diff --git a/chap0x04/img/atk_org_arp.png b/chap0x04/img/atk_org_arp.png
new file mode 100644
index 0000000..83a052b
Binary files /dev/null and b/chap0x04/img/atk_org_arp.png differ
diff --git a/chap0x04/img/atk_ping _orgin.png b/chap0x04/img/atk_ping _orgin.png
new file mode 100644
index 0000000..3bd56dd
Binary files /dev/null and b/chap0x04/img/atk_ping _orgin.png differ
diff --git a/chap0x04/img/atk_ping_org.png b/chap0x04/img/atk_ping_org.png
new file mode 100644
index 0000000..b41e2bc
Binary files /dev/null and b/chap0x04/img/atk_ping_org.png differ
diff --git a/chap0x04/img/atk_prom.png b/chap0x04/img/atk_prom.png
new file mode 100644
index 0000000..dfb69b4
Binary files /dev/null and b/chap0x04/img/atk_prom.png differ
diff --git a/chap0x04/img/atk_promis_org.png b/chap0x04/img/atk_promis_org.png
new file mode 100644
index 0000000..afb7eff
Binary files /dev/null and b/chap0x04/img/atk_promis_org.png differ
diff --git a/chap0x04/img/atk_ret_pkt.png b/chap0x04/img/atk_ret_pkt.png
new file mode 100644
index 0000000..8d569f7
Binary files /dev/null and b/chap0x04/img/atk_ret_pkt.png differ
diff --git a/chap0x04/img/cannot_baidu.png b/chap0x04/img/cannot_baidu.png
new file mode 100644
index 0000000..d5f5c67
Binary files /dev/null and b/chap0x04/img/cannot_baidu.png differ
diff --git a/chap0x04/img/dhcp.png b/chap0x04/img/dhcp.png
new file mode 100644
index 0000000..6f25d48
Binary files /dev/null and b/chap0x04/img/dhcp.png differ
diff --git a/chap0x04/img/echo1.png b/chap0x04/img/echo1.png
new file mode 100644
index 0000000..6e428c8
Binary files /dev/null and b/chap0x04/img/echo1.png differ
diff --git a/chap0x04/img/fake_arp.png b/chap0x04/img/fake_arp.png
new file mode 100644
index 0000000..925b79d
Binary files /dev/null and b/chap0x04/img/fake_arp.png differ
diff --git a/chap0x04/img/gw_new_arp2.png b/chap0x04/img/gw_new_arp2.png
new file mode 100644
index 0000000..d237842
Binary files /dev/null and b/chap0x04/img/gw_new_arp2.png differ
diff --git a/chap0x04/img/gw_org.png b/chap0x04/img/gw_org.png
new file mode 100644
index 0000000..7acdd1d
Binary files /dev/null and b/chap0x04/img/gw_org.png differ
diff --git a/chap0x04/img/gw_org_arp.png b/chap0x04/img/gw_org_arp.png
new file mode 100644
index 0000000..91dc761
Binary files /dev/null and b/chap0x04/img/gw_org_arp.png differ
diff --git a/chap0x04/img/gw_ping2.png b/chap0x04/img/gw_ping2.png
new file mode 100644
index 0000000..f2c02f5
Binary files /dev/null and b/chap0x04/img/gw_ping2.png differ
diff --git a/chap0x04/img/gw_ping_org.png b/chap0x04/img/gw_ping_org.png
new file mode 100644
index 0000000..bbf1542
Binary files /dev/null and b/chap0x04/img/gw_ping_org.png differ
diff --git a/chap0x04/img/gw_prom_open.png b/chap0x04/img/gw_prom_open.png
new file mode 100644
index 0000000..8425aff
Binary files /dev/null and b/chap0x04/img/gw_prom_open.png differ
diff --git a/chap0x04/img/interfaces.png b/chap0x04/img/interfaces.png
new file mode 100644
index 0000000..b8b7aab
Binary files /dev/null and b/chap0x04/img/interfaces.png differ
diff --git a/chap0x04/img/pms_err.png b/chap0x04/img/pms_err.png
new file mode 100644
index 0000000..7bd4a76
Binary files /dev/null and b/chap0x04/img/pms_err.png differ
diff --git a/chap0x04/img/promisc_send_ret.png b/chap0x04/img/promisc_send_ret.png
new file mode 100644
index 0000000..ec31629
Binary files /dev/null and b/chap0x04/img/promisc_send_ret.png differ
diff --git a/chap0x04/img/ret_result_tshark.png b/chap0x04/img/ret_result_tshark.png
new file mode 100644
index 0000000..f055913
Binary files /dev/null and b/chap0x04/img/ret_result_tshark.png differ
diff --git a/chap0x04/img/top2.png b/chap0x04/img/top2.png
new file mode 100644
index 0000000..2751c2e
Binary files /dev/null and b/chap0x04/img/top2.png differ
diff --git a/chap0x04/img/top_1.png b/chap0x04/img/top_1.png
new file mode 100644
index 0000000..9e81c2a
Binary files /dev/null and b/chap0x04/img/top_1.png differ
diff --git a/chap0x04/img/tshark_org1.png b/chap0x04/img/tshark_org1.png
new file mode 100644
index 0000000..2ced0bb
Binary files /dev/null and b/chap0x04/img/tshark_org1.png differ
diff --git a/chap0x04/img/vic_cannot_ping.png b/chap0x04/img/vic_cannot_ping.png
new file mode 100644
index 0000000..2ed595a
Binary files /dev/null and b/chap0x04/img/vic_cannot_ping.png differ
diff --git a/chap0x04/img/vic_new_arp2.png b/chap0x04/img/vic_new_arp2.png
new file mode 100644
index 0000000..759dfbb
Binary files /dev/null and b/chap0x04/img/vic_new_arp2.png differ
diff --git a/chap0x04/img/vic_org_arp.png b/chap0x04/img/vic_org_arp.png
new file mode 100644
index 0000000..0fe7453
Binary files /dev/null and b/chap0x04/img/vic_org_arp.png differ
diff --git a/chap0x04/img/while_atk_pollu.png b/chap0x04/img/while_atk_pollu.png
new file mode 100644
index 0000000..01464e8
Binary files /dev/null and b/chap0x04/img/while_atk_pollu.png differ
diff --git a/chap0x04/img/wireshark_arp.png b/chap0x04/img/wireshark_arp.png
new file mode 100644
index 0000000..2feb27f
Binary files /dev/null and b/chap0x04/img/wireshark_arp.png differ
diff --git a/chap0x04/report04.md b/chap0x04/report04.md
new file mode 100644
index 0000000..58aa05a
--- /dev/null
+++ b/chap0x04/report04.md
@@ -0,0 +1,166 @@
+# 实验四 网络监听
+## 一、检测局域网中的异常终端
+### 实验环境
+#### 拓扑结构
+![](./img/top_1.png)
+#### 网络配置及arp表
+##### 1.攻击者
+![](./img/atk_ipa.png)
+##### 2.网关
+![](./img/gw_org.png)
+
+#### ICMP-ping
+**1.攻击者**
+攻击者向网关发送ping包,并进行抓包
+```
+#发5个包
+ping 10.0.2.15 -c 5
+
+#抓包
+tcpdump -s 65535 -i eth0 -w orgin_0.pcap
+
+#查看抓包结果
+tshark -r orgin_0.pcap -n
+```
+![](./img/atk_ping_org.png)
+
+**2.网关**
+网关同时进行抓包
+```
+#抓包
+tcpdump -s 65535 -i enp0s3 -w orgin_0.pcap
+
+#查看抓包结果
+tshark -r orgin_0.pcap -n
+```
+![](./img/gw_ping_org.png)
+
+#### ARP请求
+- 在攻击者主机上使用```promiscping```进行探测并抓包
+![](./img/atk_promis_org.png)
+- 查看抓包结果
+>只有arp请求,没有响应
+
+![](./img/tshark_org1.png)
+
+- 攻击者构造ICMP数据包:
+ - 源MAC地址是必须的;
+ - 源MAC地址不会自动填充为本机网卡的MAC地址,需手动填充;
+ - 源IP地址会自动填充。
+
+![](./img/atk_create_pkt.png)
+
+- 攻击者发送构造的数据包进行探测,并抓包
+
+![](./img/atk_ret_pkt.png)
+- 抓包结果,只有发出的数据包,无响应包
+
+![](./img/atk_org2_dump.png)
+
+#### 混杂模式
+- 网关网卡开启混杂模式
+```
+# 打开混杂模式
+ip link set enp0s3 promisc on
+# 查看网卡信息
+ifconfig enp0s3
+```
+
+![](./img/gw_prom_open.png)
+
+- 攻击者使用```promiscping```探测,并抓包
+
+![](./img/atk_promis_org.png)
+
+- 抓包结果
+
+![](./img/atk_prom.png)
+
+- 攻击者构造并发送数据包进行探测,同时抓包
+
+![](./img/atk_ret_pkt.png)
+
+- 抓包结果
+
+![](./img/ret_result_tshark.png)
+
+- 使用wireshark对抓到的两个包进行查看和比较
+ - 创建数据包的时候使用的是ICMP(),故抓到的包属于ICMP包
+ - promiscping采用ARP协议自动构建数据包并发送。
+
+![](./img/analysis_pro0.png)
+![](./img/analysis_pro1.png)
+
+## 问题及解决方法
+- 一开始在攻击者主机上使用```promiscping```进行探测并抓包时报 ```PermissionError: [Errno 1] Operation not permitted``` 错
+![](./img/pms_err.png)
+- 解决方法:使用管理员权限运行scapy即可
+
+
+## 二、ARP欺骗
+### 实验环境
+- gw:172.16.111.1
+- kali-victim:172.16.111.128
+- kali-attacker:172.16.111.2
+
+#### 拓扑结构
+![](./img/top2.png)
+#### 初始arp表
+- 攻击者主机
+
+![](./img/atk_org_arp.png)
+
+- 网关
+
+![](./img/gw_org_arp.png)
+
+- 靶机
+
+![](./img/vic_org_arp.png)
+
+#### 连通性测试及更新的arp表
+- 攻击者主机
+
+![](./img/atk_new_arp2.png)
+
+- 网关
+![](./img/gw_ping2.png)
+![](./img/gw_new_arp2.png)
+
+- 靶机
+
+![](./img/vic_new_arp2.png)
+
+### 实现arp欺骗
+- 在攻击者主机上使用```arpspoof```工具对靶机污染
+```
+arpspoof -i eth3 -t 172.16.111.128 172.16.111.1
+```
+- 污染并抓包
+![](./img/while_atk_pollu.png)
+ - 此时在靶机上已经无法正常上网
+
+- 靶机arp表被污染
+
+![](./img/arp_table_pol.png)
+
+- 查看污染过程中抓到的包
+
+![](./img/wireshark_arp.png)
+
+### 问题与解决方法
+- 问题1:在给kali-attacker开启内部网络intnet1网卡后查看其ip地址表,内部网络对应的网卡仍然没有分配ip地址
+- 解决方法:
+```
+sudo vim /etc/network/interfaces
+```
+将文件内容修改如下
+![](./img/interfaces.png)
+
+
+- 问题2:arpspoof命令语句使用无误,但无法正常污染靶机的arp表
+- 解决方法:打开虚拟机IP转发功能
+```
+echo 1 > /proc/sys/net/ipv4/ip_forward
+```
+![](./img/echo1.png)
\ No newline at end of file