detecting-arp-poisoning-in-network-traffic
Community
Detect ARP poisoning in real-time networks.
Software Engineering #mitm #network-security #arp-poisoning #arp-spoofing #arpwatch #dynamic-arp-inspection #arp-detection
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
ARP poisoning is a network-layer attack in which an attacker associates their own MAC address with a legitimate host's IP address to enable man-in-the-middle (MitM) interception. This Skill provides a multi-layered approach to detecting and responding to ARP spoofing using ARPWatch, Dynamic ARP Inspection, Wireshark filters, and a Python detector.
Core Features & Use Cases
- Deploy ARPWatch for continuous monitoring across the network.
- Validate ARP integrity with Dynamic ARP Inspection (DAI), including its DHCP snooping prerequisites.
- Use Wireshark detection filters to surface suspicious ARP activity.
- Run a Python ARP monitor to detect MAC/IP changes, gratuitous ARP, and spoofing patterns in real time.
- Apply in SOC investigations, enterprise networks, or lab environments to identify MitM attempts and protect gateway traffic.
Quick Start
Start real-time ARP poisoning detection on your network interface using the ARPWatch/DAI/Wireshark workflow and the optional Python monitor.
Dependency Matrix
Required Modules
scapy
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: detecting-arp-poisoning-in-network-traffic
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#detecting-arp-poisoning-in-network-traffic
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.