3. Detect Network Sniffing

1. Detect ARP Poisoning and promiscuous mode in a switched network

If you have a doubt on a target machine, ping it.

hping3 -c 1000000000 192.168.18.110

Now open Wireshark and edit preferences. Click on protocols options

From ARP menus, select detect ARP and IP spoofing.

Stop the capture, go to analyze tab and select expert options. Here, you can see the attacker doing ARP Poisoning.

Nmap promiscuous/ Monitor mode detection

sudo nmap --script sniffer-detect 192.168.18.1

2. Detect ARP Poisoning using Capsa Network Analyzer

Requires use of school and work emails.

We can use hubu framework for arp poisoning

hubu.arp.poison 192.168.18.11 192.168.18.12

In the diagnosis tab, we can locate the ARP warning.

Previous2. Network sniffing using toolsNextModule 9. Social Engineering

Last updated