top of page

shARP | Detecting Sniffers

shARP an anti-ARP-spoofing program and uses an active scanning process to identify any ARP-spoofing event.

ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, a man in the middle, or session hijacking attacks. Our anti- ARP spoofing program, (shARP) detects the presence of a third-party in a private network actively. It has 2 modes: defensive and offensive.

- Defensive mode protects the end-user from the spoofer by disconnecting the user’s system from the network and alerts the user by an audio message.

- Offensive mode disconnects the user’s system from the network and further kicks out the attacker by sending de-authentication packets to his system, unable him to reconnect to the network until the program is manually reset.


The program creates a log file (/usr/shARP/) containing the details of the attack such as the attackers Mac address, Mac vendor time and date of the attack. We can identify the NIC of the attacker’s system with the help of the obtained Mac address. If required the attacker can be permanently banned from the network by feeding his Mac address to the block list of the router.


Shall we now?!


Open the terminal in Linux and type following command to download it

If the user wants to secure his network by scanning for any attacker he can run the program. The program offers a simple command line interface which makes it easy for the new users. Now type the following command to run this program:

Now run the command below and check if someone sniffing you:


23 views0 comments

Recent Posts

See All

Absolutely everything is connected to the internet these days, from TV to smart light bulbs, from mobile devices to smart cars. Given those ads and ad trackers are everywhere on the Internet, a browse

Can you explain the difference between symmetric and asymmetric encryption? When would you use one over the other? Answer: Symmetric encryption uses a single key to both encrypt and decrypt data, whil

Nuclei is an open-source tool that allows security researchers and penetration testers to automate the process of finding vulnerabilities in web applications. It works by sending HTTP requests to a ta

bottom of page