• Diniz Martins

shARP | Detecting Sniffers

shARP an anti-ARP-spoofing program and uses an active scanning process to identify any ARP-spoofing event.

ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, a man in the middle, or session hijacking attacks. Our anti- ARP spoofing program, (shARP) detects the presence of a third-party in a private network actively. It has 2 modes: defensive and offensive.

- Defensive mode protects the end-user from the spoofer by disconnecting the user’s system from the network and alerts the user by an audio message.

- Offensive mode disconnects the user’s system from the network and further kicks out the attacker by sending de-authentication packets to his system, unable him to reconnect to the network until the program is manually reset.

The program creates a log file (/usr/shARP/) containing the details of the attack such as the attackers Mac address, Mac vendor time and date of the attack. We can identify the NIC of the attacker’s system with the help of the obtained Mac address. If required the attacker can be permanently banned from the network by feeding his Mac address to the block list of the router.

Shall we now?!

Open the terminal in Linux and type following command to download it

If the user wants to secure his network by scanning for any attacker he can run the program. The program offers a simple command line interface which makes it easy for the new users. Now type the following command to run this program:

Now run the command below and check if someone sniffing you:

16 views0 comments

Recent Posts

See All

NMAP | Essential Commands

Nmap or Network Mapper is undoubtedly the best reconnaissance tool used by modern penetration testers. This open-source application has come a long way since its inception and proved to be a game-chan

Directory Scanner Enumeration

Directory Scanner is the free Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers running on the local network as well as Internet. In addition to th