How to Troubleshoot ARP Spoofing Attacks with Ax3soft Unicorn

ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.

With Ax3soft Unicorn you can get an easy-to-use but advanced network traffic monitoring, protocol analysis and diagnosis software. It is a specialist to help us solve LAN troubles.

  • Solution:

The Events tab is the most direct and effective place to locate ARP spoofing attack, and should be our first choice. Its interface is displayed as figure below. When ARP spoofing attacks exists in your network, you will see many ARP Mac Address Changed event.

Unicorn Network Analyzer How tos