Certified Ethical Hacker (CEH v12) — Question 91

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic.
If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

Answer options

• A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
• B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
• C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
• D. You cannot identify such an attack and must use a VPN to protect your traffic.

Correct answer: A

Explanation

The correct answer is A because checking the ARP table for a single IP address associated with multiple MAC addresses is a direct indication of ARP spoofing. Option B, while useful for network scanning, does not specifically pinpoint the ARP spoofing issue. Option C focuses on active connections rather than ARP table discrepancies, and option D incorrectly states that identification is impossible without a VPN.