shARP | Detecting Sniffers
shARP an anti-ARP-spoofing program and uses an active scanning process to identify any ARP-spoofing event.
ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, a man in the middle, or session hijacking attacks. Our anti- ARP spoofing program, (shARP) detects the presence of a third-party in a private network actively. It has 2 modes: defensive and offensive.
- Defensive mode protects the end-user from the spoofer by disconnecting the user’s system from the network and alerts the user by an audio message.
- Offensive mode disconnects the user’s system from the network and further kicks out the attacker by sending de-authentication packets to his system, unable him to reconnect to the network until the program is manually reset.
The program creates a log file (/usr/shARP/) containing the details of the attack such as the attackers Mac address, Mac vendor time and date of the attack. We can identify the NIC of the attacker’s system with the help of the obtained Mac address. If required the attacker can be permanently banned from the network by feeding his Mac address to the block list of the router.
Shall we now?!
Open the terminal in Linux and type following command to download it
If the user wants to secure his network by scanning for any attacker he can run the program. The program offers a simple command line interface which makes it easy for the new users. Now type the following command to run this program:
Now run the command below and check if someone sniffing you: