ARP attacks are common in LAN, and IP address conflicts may occur in attacked regions. If the gateway has already bound an IP address and a MAC address, it is easier to query, otherwise, it is indeed difficult to find a hacker to attack itself in a long LAN host.
Generally, we use a firewall to find the attack culprit. ARP detect can be used to directly find attackers and possible targets. Next, let's take a look at the actual operations.
ARP detect automatically identifies network parameters after it is started by default. Of course, you still need to perform in-depth settings. First, you must select the NIC that participates in the intranet connection. This is very important because all the sniffing work in the future will be performed based on the selected Nic. Check the IP address, gateway, and other parameters.
You need to be reminded that the detection scope is set based on the IP address distribution in the network. If the IP address segment is unclear, you can view the gateway and local address through ipconfig in CMD. Do not add too many invalid IP addresses; otherwise, subsequent scanning may be affected.
Everything is ready to start scanning, and the final result is displayed in the list.
The subsequent work is much simpler, so that the network administrator can pay more attention to the suspicious IP addresses in the results to precisely target the attacks.
Of course, the method we introduced is helpful for finding the culprit of ARP, but if you want to prevent ARP attacks, please refer to the previous articles on security channels. Binding IP addresses and MAC is a good choice.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
