Detect ARP Attacks via ARP Tables

Address Resolution Protocol (ARP) is the method for finding a host's Link Layer (MAC) address when only its IP address is known. The ARP table is used to maintain a correlation between each MAC address and its corresponding IP address. The ARP table can be manually entered by the user. User entries are not aged out.

With the same context, ARP Tables can also be used to detect Man in Middle Attacks.

• In Command Prompt or Terminal, based on your Operating System, type ipconfig for Windows Users and ifconfig for MAC and Linux Users. Note the Default Gateway IP Address. In our case, it is 10.0.2.1.
  

Windows Result

• Now type, arp -a and check if the MAC Address of Default Gateway is like any other IP. If yes, then the IP with which the MAC Address is the same as the Attacker.
• Not under attack as the Default Gateway's MAC Address is not the same as anyone.
  

• Under Attack as the Default Gateway and the IP [10.0.2.60] has the same MAC Address. So, the IP [10.0.2.60] is the attacker.
  

This is the manual way of detecting ARP Poisoning Attacks, use our personalized-made tool or check other ways. CLICK HERE!

CLICK HERE TO SEE MORE OF ARP RELATED ARTICLES

Video Tutorial

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.