Thank you. I know Snort is commercial, but how about Suricata-IDS? Can an IDS/IPS help me with sniffing the traffic?
That's overkill if you're on your personal home network. Even if you wanna set up some form of IDS/IPS, it's not as simple as pushing a button. You have to configure databases, go through various config files, etc. It's a lot of hassle and in the end not even worth it if all you wanna do is prevent your box from being a target of a man-in-the-middle attack.
ARP spoofing is one of the ways a man-in-the-middle attack takes place on a switched network. What you can do, by the way, is set up a static ARP table entry for the gateway so that you are not vulnerable to ARP-spoofing-based attacks, and it's quite simple.
I'll be demonstrating the case for Linux; for Windows it'll probably be something similar.
If you type "arp -a" you'll see the MAC address as well as the IP address of hosts in your ARP table, including your gateway (router).
Example:
# arp -a
login.yournetwork.com (192.168.1.1) at 90:2b:34:7a:b4:64 [ether] on wlan0
Note the initial IP and MAC address of your gateway and substitute them into the command below.
arp -s [ip address] [mac address]
Example:
# arp -s 192.168.1.1 90:2b:34:7a:b4:64
Congrats, your static ARP entry is ready. The way you can confirm this is by issuing the "arp -a" command again, and you'll see the "PERM" flag on your gateway.
# arp -a
login.yournetwork.com (192.168.1.1) at 90:2b:34:7a:b4:64 [ether] PERM on wlan0
Btw, this is only temporary, because if you reboot your box the static entries will go away, so either you have to do this manually every time or you can try setting up a script so that every time your interface goes up it executes the script and sets up the static ARP entry before connecting to the network. Persistent static ARP entries might cause issues when connecting to different networks, so just roll with the temporary solution for now.
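
One way to write the script mentioned in the reply above, as an added example that is not part of the original post: it parses "arp -a" output, reports whether the gateway entry is pinned, dynamic, missing or showing a different MAC, and refuses to pin a MAC it does not expect. The function names and the --apply switch are hypothetical; the IP and MAC are the sample values from the post.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The IP/MAC are the sample
# values the post noted from its first `arp -a`; replace with your own.
GATEWAY_IP="192.168.1.1"
GATEWAY_MAC="90:2b:34:7a:b4:64"

# Reads `arp -a` output on stdin, args: <gateway ip> <expected mac>.
# Prints: pinned   - expected MAC and PERM flag set
#         dynamic  - expected MAC, but learned dynamically (can be overwritten)
#         mismatch - a different MAC is answering for the gateway IP
#         missing  - no (resolved) entry for the gateway IP
gateway_arp_status() {
    awk -v ip="($1)" -v mac="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        # Unresolved entries show "<incomplete>" instead of a MAC; skip them.
        $2 == ip && $4 != "<incomplete>" {
            seen = 1
            if (tolower($4) != mac) { bad = 1 }
            else if ($0 !~ / PERM /) { dyn = 1 }
        }
        END {
            if (!seen)    print "missing"
            else if (bad) print "mismatch"
            else if (dyn) print "dynamic"
            else          print "pinned"
        }'
}

# Pins the gateway unless a different MAC is currently answering for it.
pin_gateway() {
    status=$(arp -a | gateway_arp_status "$GATEWAY_IP" "$GATEWAY_MAC")
    case "$status" in
        pinned)   echo "gateway already pinned" ;;
        dynamic|missing)
            arp -s "$GATEWAY_IP" "$GATEWAY_MAC" && echo "static entry added" ;;
        mismatch)
            echo "WARNING: $GATEWAY_IP has an unexpected MAC, not pinning" >&2
            return 1 ;;
    esac
}

# Run as root with --apply (e.g. from an interface-up hook) to pin.
if [ "${1:-}" = "--apply" ]; then
    pin_gateway
fi
```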