ARP spoofing detection tool XArp 2
on 26.07.2006 20:37:09 by chrismc911
Hi,
I have built an ARP spoofing detection tool: XArp 2.0
It watches all in- and outgoing ARP packets on the selected interfaces.
Several filters are available that analyze the ARP packets and alert if
an attack has been detected.
In addition to filters XArp uses different network discovery mechanisms
to collect and validate ARP mappings. All filters and network
discoverers are per interface.
It currently only works on Windows (2000, XP, maybe others). A port to
Linux is in the works. To run it, you need WinPcap and either
Service Pack 2 on XP or the Visual C++ 2005 Redistributable Package from
Microsoft.
It is still beta and I was not yet able to test all filters thoroughly,
but the base is working fine.
I would be very happy to get some feedback on XArp 2! :)
You can download it here:
http://www.chrismc.de/developing/xarp/XArp_2_0_beta1.zip
Regards,
Chris
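An added example, not part of the original post and not XArp's code: two checks that a filter of the kind described above could apply to each captured ARP packet, namely a sender MAC that disagrees with the Ethernet header and an IP address claimed by a MAC other than the one first seen for it. The check logic, the names and all addresses are assumptions made for this illustration, and the frames are constructed sample data.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return ARP fields of a raw Ethernet frame, or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(eth_src), "sha": mac_str(sha), "spa": socket.inet_ntoa(spa)}

class ArpMonitor:
    """Pins the first MAC seen for each IP and reports packets that contradict it."""
    def __init__(self):
        self.table = {}

    def inspect(self, frame):
        arp, alerts = parse_arp(frame), []
        if arp is None:
            return alerts
        if arp["eth_src"] != arp["sha"]:
            alerts.append(f"header mismatch: Ethernet source {arp['eth_src']}, ARP sender {arp['sha']}")
        if arp["spa"] != "0.0.0.0":  # ARP probes carry no sender IP, so they claim no mapping
            pinned = self.table.setdefault(arp["spa"], arp["sha"])
            if pinned != arp["sha"]:
                alerts.append(f"mapping change: {arp['spa']} pinned to {pinned}, now claimed by {arp['sha']}")
        return alerts

def build_frame(eth_src, sha, spa, op=2):
    """Construct a broadcast test frame from MAC/IP strings (sample data, not a capture)."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = b"\xff" * 6 + to_bytes(eth_src) + struct.pack("!H", 0x0806)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, to_bytes(sha),
                             socket.inet_aton(spa), b"\x00" * 6, socket.inet_aton("192.168.1.20"))

GW_MAC, OTHER_MAC = "00:11:22:33:44:55", "02:00:00:00:00:99"  # constructed addresses
SAMPLE_FRAMES = [
    build_frame(GW_MAC, GW_MAC, "192.168.1.1"),          # first sighting, pinned
    build_frame(OTHER_MAC, OTHER_MAC, "192.168.1.1"),    # same IP, different MAC
    build_frame(OTHER_MAC, GW_MAC, "192.168.1.1"),       # Ethernet and ARP headers disagree
    build_frame(OTHER_MAC, OTHER_MAC, "0.0.0.0", op=1),  # ARP probe, no mapping claimed
]
```

Passing each entry of `SAMPLE_FRAMES` to one `ArpMonitor().inspect` instance in order yields no alert, a mapping-change alert, a header-mismatch alert, and no alert.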
Re: ARP spoofing detection tool XArp 2
on 27.07.2006 04:59:07 by Sebastian Gottschalk
chrismc911@hotmail.com wrote:
> I have built an ARP spoofing detection tool: XArp 2.0
> It watches all in- and outgoing ARP packets on the selected interfaces.
> Several filters are available that analyze the ARP packets and alert if
> an attack has been detected.
> In addition to filters XArp uses different network discovery mechanisms
> to collect and validate ARP mappings. All filters and network
> discoverers are per interface.
>
> It currently only works on Windows (2000, XP, maybe others). A port to
> Linux is in the works. To run it, you need WinPcap and either
> Service Pack 2 on XP or the Visual C++ 2005 Redistributable Package from
> Microsoft.
>
> It is still beta and I was not yet able to test all filters thoroughly,
> but the base is working fine.
> I would be very happy to get some feedback on XArp 2! :)
Fine, you've kinda rewritten the ARP tools sample from WinPCap...
Re: ARP spoofing detection tool XArp 2
on 27.07.2006 09:52:43 by chrismc911
> Fine, you've kinda rewritten the ARP tools sample from WinPCap...
No, definitely not. Maybe you should have a look at XArp 2 and read some
articles about ARP spoofing to get a clue what this tool is for before
writing unqualified posts ...
Chris