Certified Ethical Hacker (CEH v13) — Question 26

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic.
If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

Answer options

• A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
• B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
• C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
• D. You cannot identify such an attack and must use a VPN to protect your traffic.

Correct answer: A

Explanation

The correct answer is A, as checking the ARP table for duplicate MAC addresses indicates ARP spoofing. Option B, while useful for network scanning, does not directly address ARP spoofing detection. Option C focuses on monitoring connections rather than ARP issues, and option D incorrectly states that detection is not possible without a VPN.