In one of our last articles, we discussed ARP spoofing (What is ARP spoofing?). It is an attack in which an attacker sends falsified ARP messages over a local area network and links the victim’s IP address with the attacker’s own MAC address. As a result, all the traffic that is meant for the victim will reach the attacker first. The attacker can afterward steal sensitive information or prepare for more attacks. But how do you detect an ARP spoofing attack on a system? In this article, we will discuss that in detail.
Preparing the tools
We need to install a few tools for this purpose. For Linux, we need tcpdump, Wireshark, and arp-scan.
tcpdump is used to analyze network packets on a Linux system. You can install the utility using:
# sudo apt-get install tcpdump
We need arp-scan to find all the IP addresses and corresponding MAC addresses in the local network. You can install it using:
# sudo apt-get install arp-scan
Wireshark is another tool for analyzing IP packets. Its advantage is that it is GUI-based. You can install it using:
# sudo apt-get install wireshark
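The IP-to-MAC pairs that arp-scan lists are already enough to show the symptom described in the introduction: one IP address answered by more than one MAC address. The script below is an added example, not part of the original article; the function names and the sample scan lines are constructed, and it assumes each host line has the form IP, tab, MAC, tab, vendor.

```shell
#!/bin/sh
# Added example (not from the original article): spot ARP-spoofing symptoms
# in arp-scan style output, where each host line is "IP<TAB>MAC<TAB>vendor".
# Real use (assumed invocation): sudo arp-scan --localnet | find_arp_conflicts

find_arp_conflicts() {
    awk '
    # Host lines only: field 1 is an IPv4 address, field 2 a 17-char MAC.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
    $2 ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/ &&
    length($2) == 17 {
        ip = $1; mac = tolower($2)
        if ((ip, mac) in seen) next      # ignore repeated identical replies
        seen[ip, mac] = 1
        ips_of[mac] = (n_ip[mac]++ ? ips_of[mac] " " : "") ip
        macs_of[ip] = (n_mac[ip]++ ? macs_of[ip] " " : "") mac
    }
    END {
        # One IP answered by several MACs: someone else is claiming that IP.
        for (ip in n_mac) if (n_mac[ip] > 1) print "IP_MULTI_MAC", ip, macs_of[ip]
        # One MAC answering for several IPs: the likely spoofer (or a router
        # or proxy-ARP device, which must be ruled out by hand).
        for (mac in n_ip) if (n_ip[mac] > 1) print "MAC_MULTI_IP", mac, ips_of[mac]
    }' | sort
}

# Constructed sample scan: 192.168.1.1 is the gateway, and the host at
# 192.168.1.30 also answers ARP requests for the gateway address.
sample_scan() {
    printf 'Interface: eth0 (constructed header line)\n'
    printf '192.168.1.1\t08:00:27:11:22:33\tConstructed vendor A\n'
    printf '192.168.1.20\t08:00:27:44:55:66\tConstructed vendor B\n'
    printf '192.168.1.30\t08:00:27:de:ad:01\tConstructed vendor C\n'
    printf '192.168.1.1\t08:00:27:DE:AD:01\tConstructed vendor C (DUP: 2)\n'
    printf '4 packets received (constructed footer line)\n'
}

sample_scan | find_arp_conflicts
```

An empty result means every IP address in the scan mapped to exactly one MAC address and every MAC address to one IP address.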
Detecting an ARP spoofing attack
Let’s first analyze the network packets of the system using Wireshark.
Type the following command in a terminal to open Wireshark:
# sudo wireshark
A Wireshark window will appear.
Select the proper interface for your …