A program that detects ARP spoofing attack in local network and reports it to the specified log server.
Install arp-spoofing-detector-rs with git
git clone https://github.com/tuchaVshortah/arp-spoofing-detector-rs.gitInstall Rust from the official site
https://www.rust-lang.org/tools/installCompile
cargo build --releaseEnjoy!
arp-spoofing-detector.exe .\arp-spoofing-detector.exe -h
ARP spoofing detector program
Usage: arp-spoofing-detector.exe [OPTIONS]
Options:
-i, --install-service Installs ArpSpoofDetectService with launch arguments
-u, --uninstall-service Uninstalls the service
-r, --run-service Runs the service
-p, --proto <PROTO> Specifies which protocol to use. Can be tcp or udp (case sensitive) [default: tcp]
--syslog-ip <SYSLOG_IP> Takes IP address of the Syslog server [default: 127.0.0.1]
--syslog-port <SYSLOG_PORT> Specifies the server port to connect to [default: 1468]
--local-ip <LOCAL_IP> Takes IP address of the local machine. Required when udp is used [default: 127.0.0.1]
--local-port <LOCAL_PORT> Specifies the local port to use. Required when udp is used [default: 9999]
--timeout <TIMEOUT> [default: 3]
-h, --help Print help
-V, --version Print versionSend logs to the remote using TCP:
.\arp-spoofing-detector.exe -p tcp --syslog-ip <remote-syslog-ip> --syslog-port <remote-syslog-port>Send logs to the remote using UDP:
.\arp-spoofing-detector.exe -p udp --local-ip <local-machine-ip> --local-port <local-machine-port> --syslog-ip <remote-syslog-ip> --syslog-port <remote-syslog-port>Install ArpSpoofDetectService with the following launch arguments
.\arp-spoofing-detector.exe -i -p tcp --syslog-ip 127.0.0.1 --syslog-port 1469 --timeout 2Start and stop ArpSpoofDetectService using the Services application
Uninstall ArpSpoofDetectService
.\arp-spoofing-detector.exe -u