– Detects ARP poisoning attacks faster than passive approaches
– Stores validated hosts for speed improvements
– Works as a daemon process without interfering with normal traffic
– Logs to any external file
+ NodeJS 1.7 or higher.
1. ARP Packets Sniffer
It sniffs all ARP packets and discards:
– ARP Request packets
– ARP Reply packets sent by the machine running the tool (assuming the host running the tool isn’t ARP poisoning 😜)
2. Mac-ARP Header Consistency Checker
It compares:
– the source MAC address in the MAC header with the one in the ARP header
– the destination MAC address in the MAC header with the one in the ARP header
If either of the above doesn’t match, a notification is raised.
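The discard rules of module 1 and the header comparison of module 2 can be sketched as follows. This is an added example, not arp-validator's own code: the function names, verdict strings and sample addresses are assumptions, and it handles only untagged Ethernet II frames carrying IPv4 ARP.

```javascript
// Added example: names are hypothetical, not arp-validator's own API.
const ARP_REPLY = 2;
const mac = (b, o) =>
  [...b.subarray(o, o + 6)].map(x => x.toString(16).padStart(2, '0')).join(':');

// Parse an untagged Ethernet II frame carrying ARP for IPv4 over Ethernet.
function parseArpFrame(f) {
  if (f.length < 42 || f.readUInt16BE(12) !== 0x0806) return null; // 14 + 28 bytes, EtherType ARP
  // htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4
  if (f.readUInt16BE(14) !== 1 || f.readUInt16BE(16) !== 0x0800 ||
      f[18] !== 6 || f[19] !== 4) return null;
  return {
    ethDst: mac(f, 0), ethSrc: mac(f, 6), opcode: f.readUInt16BE(20),
    senderMac: mac(f, 22), senderIp: [...f.subarray(28, 32)].join('.'),
    targetMac: mac(f, 32), targetIp: [...f.subarray(38, 42)].join('.'),
  };
}

// Module 1 (discard rules) followed by module 2 (header comparison).
function inspect(frame, ownMac) {
  const p = parseArpFrame(frame);
  if (!p) return { verdict: 'discard', reasons: ['not an Ethernet/IPv4 ARP frame'] };
  if (p.opcode !== ARP_REPLY) return { verdict: 'discard', reasons: ['not an ARP reply'] };
  if (p.ethSrc === ownMac.toLowerCase()) return { verdict: 'discard', reasons: ['own reply'] };
  const reasons = [];
  if (p.ethSrc !== p.senderMac) reasons.push(`source: MAC header ${p.ethSrc}, ARP header ${p.senderMac}`);
  if (p.ethDst !== p.targetMac) reasons.push(`destination: MAC header ${p.ethDst}, ARP header ${p.targetMac}`);
  return { verdict: reasons.length ? 'inconsistent' : 'consistent', reasons, packet: p };
}

// Build a constructed sample frame (all addresses below are made up).
function buildFrame(ethDst, ethSrc, opcode, sMac, sIp, tMac, tIp) {
  const hw = m => Buffer.from(m.replace(/:/g, ''), 'hex');
  const ip = a => Buffer.from(a.split('.').map(Number));
  const hdr = Buffer.from([0x08, 0x06, 0, 1, 0x08, 0, 6, 4, 0, opcode]);
  return Buffer.concat([hw(ethDst), hw(ethSrc), hdr, hw(sMac), ip(sIp), hw(tMac), ip(tIp)]);
}

const OWN = '02:00:00:00:00:01', GW = '02:00:00:00:00:fe', OTHER = '02:00:00:00:00:66';
const samples = {
  honest:   buildFrame(OWN, GW, 2, GW, '192.0.2.1', OWN, '192.0.2.10'),
  mismatch: buildFrame(OWN, OTHER, 2, GW, '192.0.2.1', OWN, '192.0.2.10'),
  request:  buildFrame('ff:ff:ff:ff:ff:ff', GW, 1, GW, '192.0.2.1', '00:00:00:00:00:00', '192.0.2.10'),
  own:      buildFrame(GW, OWN, 2, OWN, '192.0.2.10', GW, '192.0.2.1'),
};
for (const [name, f] of Object.entries(samples)) console.log(name, inspect(f, OWN).verdict);
```

As written, a reply delivered to the Ethernet broadcast address fails the destination comparison unless its ARP target address is also the broadcast address.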
3. Spoof Detector
It relies on a basic property of the TCP/IP stack.
The network interface card of a host accepts packets sent to its MAC address, the broadcast address and subscribed multicast addresses, and passes these packets on to the IP layer. The IP layer only accepts IP packets addressed to its IP address(es) and silently discards the rest.
If the accepted packet is a TCP packet, it is passed on to the TCP layer. If a TCP SYN packet is received, the host responds with a TCP SYN/ACK packet if the destination port is open, or with a TCP RST packet if the port is closed.
git clone https://github.com/rnehra01/arp-validator && cd arp-validator