Exam 312-50v12 topic 1 question 93 discussion

A. You should check your ARP table and see if there is one IP address with two different MAC addresses. ARP spoofing is a type of attack where an attacker sends fake ARP (Address Resolution Protocol) messages to associate their MAC address with the IP address of another host on the network. This allows the attacker to intercept and modify traffic intended for the victim. By checking the ARP table on your laptop, you can see if there is any IP address with two different MAC addresses, which would indicate an ARP spoofing attack is in progress.

A: I saw this question somewhere else and the answer was "check ARP table".

A. You should check your ARP table and see if there is one IP address with two different MAC addresses ARP spoofing is a method of attacking an Ethernet LAN. It succeeds by changing the IP address of the attacker’s computer to that of the target computer. A forged ARP request and reply packet can find a place in the target ARP cache in this process. As the ARP reply has been forged, the destination computer (target) sends frames to the attacker’s computer, where the attacker can modify the frames before sending them to the source machine (User A) in an MITM attack. -- Module 08, page 1258

ChatGPT: Answer: A. You should check your ARP table and see if there is one IP address with two different MAC addresses. Explanation: ARP spoofing (or ARP poisoning) involves manipulating the ARP (Address Resolution Protocol) cache of a target device to associate its IP address with a different MAC address. This can be used for various malicious purposes, including intercepting network traffic. Checking the ARP table on your device is a common method to detect ARP spoofing. If there is an entry in the ARP table with the same IP address but different MAC addresses, it could indicate an ARP spoofing attack. The other options (B, C, D) do not specifically address ARP spoofing detection: Option B: Nmap can identify hosts on a network but may not directly detect ARP spoofing.

arp -a This will give you the ARP table The table shows the IP addresses in the left column, and MAC addresses in the middle. If the table contains two different IP addresses that share the same MAC address, then you are probably undergoing an ARP poisoning attack. As an example, let’s say that your ARP table contains a number of different addresses. When you scan through it, you may notice that two of the IP addresses have the same physical address. You might see something like this in your ARP table if you are actually being poisoned: Internet Address Physical Address 192.168.0.1 00-17-31-dc-39-ab 192.168.0.105 40-d4-48-cr-29-b2 192.168.0.106 00-17-31-dc-39-ab As you can see, both the first and the third MAC addresses match. This indicates that that the owner of the 192.168.0.106 IP address is most likely the attacker.

You are in a public space. The ARP table of the switch contains this information, but not your laptop's ARP table. Therefore, since you are not the administrator of the switch in this public space, the only available response is B -> "You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates."

Answer is B It can never be a duplicated IPs, you only can see a duplicated MAC addresses.

A. You should check your ARP table and see if there is one IP address with two different MAC addresses.

A. You should check your ARP table and see if there is one IP address with two different MAC addresses.