npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

arp-validator

v1.0.0

Published

Security tool to detect arp poisoning attacks

Downloads

20

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rnehra01rnehra01

Keywords

arppoisondetectsecuritynetwork

Readme

arp-validator

Security Tool to detect arp poisoning attacks

Features

  • Uses a faster approach in detection of arp poisoning attacks compared to passive approaches
  • Stores validated host for speed improvments
  • Works as a daemon process without interfering with normal traffic
  • Log's to any external file

Architecture

  +-------------+                +---------------+                  +------------+    
  |  ARP packet |    ARP Reply   | Mac-ARP Header|    Consistent    |   Spoof    |
  |   Sniffer   |  ------------> |  consistency  |  --------------> |  Detector  | 
  |             |     Packets    |    Checker    |    ARP Packets   |            |
  +-------------+                +---------------+                  +------------+
                                        |                                 /
                                   Inconsistent                         /
                                   ARP Packets                     Spoofed 
                                        |                        ARP Packets
                                        V                         /
                                +--------------+                /
                                |              |              /
                                |   Notifier   |  <----------
                                |              |
                                +--------------+

  1. ARP Packets Sniffer

    It sniffs all the ARP packets and discards

    • ARP Request Packets
    • ARP Reply packets sent by the machine itself which is using the tool (assuming host running the tool isn't ARP poisoning :stuck_out_tongue_winking_eye:)

  2. Mac-ARP Header Consistency Checker

    It matches

    • source MAC addresses in MAC header with ARP header
    • destination MAC addresses in MAC header with ARP header

    If any of above doesn't match, then it will notified.

  3. Spoof Detector

    It works on the basic property of TCP/IP stack.

    The network interface card of a host will accept packets sent to its MAC address, Broadcast  address
and subscribed multicast addresses. It will pass on these packets to the IP layer. The IP layer will
only  accept  IP packets  addressed to its IP address(s) and will  silently  discard the rest of the
packets.
If  the  accepted  packet  is a TCP packet it is passed on to the TCP  layer. If a TCP SYN packet is
received then the host will either respond back with a TCP SYN/ACK packet if the destination port is
open or with a TCP RST packet if the port is closed.

    So there can be two type of packets:

    • RIGHT MAC - RIGHT IP
    • RIGHT MAC - WRONG IP (Spoofed packet)

    For each consistent ARP packet, we will construct a TCP SYN packet with destination MAC and IP address as advertised by the ARP packet with some random TCP destination port and source MAC and IP address is that of the host running the tool.

    If a RST(port is closed) or ACK(port is listening) within TIME LIMIT is received for the SYN then host(who sent the ARP packet) is legitimate.

    Else No response is received within TIME LIMIT so host is not legitimate and it will be notified.

  4. Notifier

    It provides desktop notifications in case of ARP spoofing detection.

Usage

[sudo] arp-validator [action] [options]

actions:

	start		start arp-validator as a daemon

		options:
			--interface, -i
				Network interface on which tool works
				arp-validator start -i eth0 or --interface=eth0

			--hostdb, -d
				stores valid hosts in external file (absolute path)
				arp-validator start -d host_file or --hostdb=host_file

			--log, -l
				generte logs in external files(absolute path)
				arp-validator start -l log_file or --log=log_file


	stop		stop arp-validator daemon


	status		get status of arp-validator daemon


global options:

	--help, -h
		Displays help information about this script
		'arp-validator -h' or 'arp-validator --help'

	--version
		Displays version info
		arp-validator --version

Dependencies