In this section, results are shown that are being developed.
Jpcap is used to capture packets on the network. ARP attack and defence are
Fig .5 shows the ARP table. ARP provides a mechanism to
lookup on the network. ARP table is the place used to store this lookup. This
table will display all the connected host to a particular machine on the
Fig 6 shows the number of online host that are connected to
the victim and attacker machine on the same network. The attacker scans the
entire network and discovers the host on which attack is to be performed. The
IP range is scanned and only those host IP are displayed that are online.
Gateway IP of particular interface is fetched and entire network is searched
for attacking purpose. IP and MAC address of the host are displayed. The
attacker can select any victim of which he needs to sniff the network. Jpcap
sets a filter and displays only online host which can send and receive packets.
For performing attack, jpcap asks to choose a victim from the filtered host IP
address. It is shown that the attacker selects any one victim among the listed
host on which sniffing is to be done.
Fig.7 shows the DES
model used for ARP Poison. DES model
shows the time taken by attacker to perform attack and sniff victim’s machine.
It provides better mechanism to detect the attack performed by the attacker.
Fig.8 shows defending window. The detection is done on
victim’s machine. It shows that defending of attack is being started. It
captures all the IP address from the ARP table of the system and determines
which IP address is newly added. Any new added IP address is stored in ARP
table of system. The figure shows two new IP address that are added to the ARP
It also shows detection of spoofed IP. The fig describes
that an ARP request is sent to the specified IP address from the ARP table with
IP address and MAC address. If the systems IP address is already stored in the
system’s ARP table a message as particular IP address already exist. The
defending system searches for MAC address. If ARP table has two same MAC
address entry then the encountered IP address is spoofed IP address and thus
ARP spoofing is detected as shown in figure. Thus the defending system will
remove the IP address which has same MAC address as of other.
ARP protocol is a stateless protocol has very dangerous
consequences. An attacker could manipulate the connection of the users, steal
their data, and even redirect their traffic to different websites than the ones
they requested. Network administrators should become more aware of these
attacks and take countermeasures against them. Users should also become more
aware of them and use security solutions to prevent getting their data stolen.
Packet sniffer is a program which monitors network traffic which
passes through your computer. A packet sniffer which runs on your PC connected
to the internet using a modem, can tell you your current IP address as well as
the IP addresses of the web servers whose sites you are visiting. Most networks
use what is known as broadcast technology, meaning that every message
transmitted by one computer on a network can be read by any other computer on
The proposed scheme for ARP-Spoofing detection has following
1. Network security enhancement
2. Works with dynamic IP Addresses
3. No network congestion