Certified Ethical Hacker (CEH v11) — Question 275
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic.
If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?
Answer options
- A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
- B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
- C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
- D. You cannot identify such an attack and must use a VPN to protect your traffic.
Correct answer: A
Explanation
The correct answer is A because checking the ARP table for a single IP address that maps to two different MAC addresses is a common method for identifying ARP spoofing. Option B, while useful for network scanning, does not specifically target ARP spoofing detection. Option C focuses on active connections rather than ARP table inconsistencies. Option D is incorrect because it implies that no detection method exists without a VPN.