ARP resolves an IP address to MAC addresses. ARP was not designed to deal with malicious activity such as cache poisoning or spoofing attacks. Lisa Bock investigates tools to detect ARP attacks.
- [Voiceover] Address resolution protocol…is used to resolve an IP address to a physical address.…The original RFC was written in 1982.…ARP wasn't designed to deal with malicious activity.…Moreso it was so that all hosts knew…where everyone was on the network.…However, we know there are attacks.…So you should protect your network…and monitor for ARP attacks.…Let's take a look at some of the tools that are available.…I'm at this website snort.org.…Snort is a powerful intrusion detection system…that you can use.…
Once you configure it it will monitor for threats.…However there is the ARP Spoof Preprocessor.…And there's a couple configuration options…you can include here to monitor for some attacks.…Arpalert will listen to a network interface…and catch all conversations of mac address…to IP address requests.…Now this is going to compare with a list…of authorized mac addresses to make sure…that nothing suspicious is going on.…Arpwatch is something that you can simply configure…and as you can see it keeps track…of ethernet IP address pairing.…
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Sniffing network traffic
- Passive vs. active attacks
- Comparing IPv4 to IPv6
- MAC and macof attacks
- Investigating DHCP attacks
- Detecting ARP and DNS spoofing
- Sniffing tools and techniques
Skill Level Beginner
1. Sniffing Overview
2. MAC Attacks
6. Sniffing Tools and Techniques
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.