How to use Wireshark to detect and prevent ARP spoofing

How to use Wireshark to detect and prevent ARP spoofing

How to use Wireshark to detect and prevent ARP spoofing

Date: Oct 29, 2012

An Address Resolution Protocol attack can accomplish any task, ranging from collecting passwords off a network to taking an entire network offline. Such a potentially devastating attack would make any IT security team shudder.  Now consider the fact that the default configuration for most network switches allows ARP spoofing attacks to take place unchecked. How can an organization prevent ARP spoofing before an attack on its network is successful? The open source tool Wireshark may just be the answer.

In this SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, instructs viewers on how to use Wireshark to detect and prevent Address Resolution Protocol (ARP) spoofing attacks. ARP duplicate IP address detection is already turned on by default, but Barker delves further into Wireshark's features to uncover the "Detect ARP request storms" function. Wireshark can also provide summaries of ARP flooding and ARP spoofing attack events, and is even capable of indicating which frames should be further investigated because they were involved in an attack. And best of all, these features are available in the free version of Wireshark. If your organization is concerned about ARP spoofing, Keith's Wireshark walkthrough provides the necessary tools to allay any fears.

Editor’s note: While this video discusses general strategies that could be used maliciously, the techniques demonstrated in the video are intended for defensive purposes only, and should not be employed for any other reason.

About CBT NuggetsCBTNuggets
CBT Nuggets is a computer-based technology company specializing in cutting edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers a wealth of free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.

About Keith Barker
Keith Barker, a trainer for CBT Nuggets, has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.

More on Security vulnerability management