An ARP spoof or ARP cache poison is used in a man-in-the-middle attack. Lisa Bock demonstrates in Wireshark how you can identify an ARP spoofing attack.
- [Voiceover] Address resolution protocol is used to…resolve an IP address to a physical address.…Now ARP can have some problems, they're rare but…mainly they're due to configuration errors and that…someone may have assigned an incorrect IP address…or there may be an incorrect subnet mask.…However, we know that there are attacks against…ARP, one being ARP spoof attack.…ARP spoofing in used in a man-in-the-middle attack.…It's also known as an ARP cache poison.…
This attacker sends spoofed ARP messages.…Now, you ask yourself how does this happen?…ARP spoofing can take place because ARP is stateless,…meaning it doesn't retain any prior information…on packets that it had sent in the past.…An ARP reply can be sent even if there…has been no request and it will be accepted.…This then poisons the cache.…Well let's take a look.…I'm at this website securitysite.com and here…we see some PCap file analysis.…
This page is loaded with a lot of PCaps that you can…used in order to study a little bit more about the protocols…but I'm going to take a look at ARP spoof.…
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Sniffing network traffic
- Passive vs. active attacks
- Comparing IPv4 to IPv6
- MAC and macof attacks
- Investigating DHCP attacks
- Detecting ARP and DNS spoofing
- Sniffing tools and techniques
Skill Level Beginner
1. Sniffing Overview
2. MAC Attacks
6. Sniffing Tools and Techniques
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.