Q. I would like to know – how do I detect ARP spoofing? I am using Ubuntu Linux.
A. Use arpwatch command to keeps track for ethernet/ip address pairings. It logs message or activity to syslogs and reports certain changes via email.
Arpwatch uses pcap to listen for arp packets on a local Ethernet interface.
apt-get install arpwatch
All files are automatically created , and the service starts
insert line like this:
eth0 -a -n 192.168.40.0/24 -m email@example.com
Restart arpwatch for new configuration:
Check if the process is running:
ps –ef | grep arpwatch root 3078 1 0 11:38 ? 00:00:00 /usr/sbin/arpwatch
You can check the content:
tail -f /var/log/arpwatch.log