Thread: Detect someone on network mitm?

  1. #1
    Detect someone on network mitm?

    Using Kali, is there a way to detect someone on the network doing a MITM attack?

  2. #2
    The most common technique for MITM is to use ARP poisoning. To learn about the process, put a promiscuous sniffer onto your LAN and use a tool such as arpspoof or ettercap to do the MITM, and a tool like Wireshark to monitor the packets. IDS-type tools such as Snort are capable of automatically spotting these attacks.
    If it smells like a duck, walks like a duck and quacks like a duck; then it probably is a duck.

  3. #3
    Use Wireshark to get those packets, then sniff them, open Armitage, scan the network using nmap OS detection, and you will have the attacker's IP on the local network; re-attack him and it's okay.

  4. #4
    If he/she is ARP spoofing, run "arp -a". If your router IP resolves to a MAC already listed, then you are being MITM'ed. Also, there is an ettercap plugin that can detect this.
    Visit my blog! PenTesting for Amateurs, by Amateurs -- Request your own tutorial, or send one to me to post.
    "thevanoutside" a Wordpress Blog!

  5. #5
    You can use these 2 scripts to detect MITM attacks. I don't take credit for either; I just happen to have them both in my script collection.

    Link to script:

    Here's a link for a python version I just uploaded it for you guys called

    I pasted the bash script below for those who don't want to click the link. Don't worry I don't paste dumb links for AdFly or any of that ****. Hope this helps!

    #!/bin/bash
    # A fully customisable ARP spoofing detection script
    # Copyright (C) 2008 vladz <>
    # This tool will prevent yourself against Man-In-The-Middle attacks. For
    # better usage run this script in a xterm:
    # $ xterm -e "/bin/bash"

    f="/proc/net/arp" # Dump file of the kernel ARP table
    t=5 # Time interval between two checks (in sec)
    m="- WARNING - MITM detected" # Alert msg displayed when MITM occurs
    d="+%y/%m/%d-%H:%M:%S" # Date format style

    # Every t seconds, alert if any MAC address (column 4) is listed twice.
    # Incomplete entries (all-zero MAC) are skipped so they do not trigger
    # a false alert when several are present.
    while true; do
        sleep ${t}; awk '$4 != "00:00:00:00:00:00" {if(x[$4]++) exit 1;}' ${f} || \
        { printf "*** At %s %s ***\n" "`date ${d}`" "${m}"; cat ${f}; }
    done
    Last edited by n1tr0g3n; 2014-01-17 at 09:05.
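
The check from post #4 (does the router's IP share a MAC with another host?) applied to the same `/proc/net/arp` table the script in post #5 polls, as an added example that is not part of the thread or of vladz's script. The function names, addresses and MACs below are constructed for illustration.

```bash
#!/bin/bash
# arp_gateway_conflicts GATEWAY_IP   (reads a /proc/net/arp style table on stdin)
#   Prints "ip mac" for every other IP that maps to the gateway's MAC.
#   Exit status: 0 = gateway MAC is unique, 1 = shared, 2 = gateway not resolved.
arp_gateway_conflicts() {
    awk -v gw="$1" '
        NR == 1 { next }                      # column header line
        $4 == "00:00:00:00:00:00" { next }    # incomplete entry, no MAC learned yet
        { mac[$1] = tolower($4) }
        END {
            if (!(gw in mac)) exit 2
            for (ip in mac)
                if (ip != gw && mac[ip] == mac[gw]) { print ip, mac[ip]; found = 1 }
            exit (found ? 1 : 0)
        }'
}

# Constructed sample table: 192.168.1.50 answers with the same MAC as the
# gateway 192.168.1.1, and two entries are still incomplete.
sample_arp_table() {
cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:50     *        eth0
192.168.1.50     0x1         0x2         AA:BB:CC:00:00:50     *        eth0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:20     *        eth0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.1.31     0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
}

hits=$(sample_arp_table | arp_gateway_conflicts 192.168.1.1) && rc=0 || rc=$?
case $rc in
    0) echo "gateway MAC is unique" ;;
    1) echo "- WARNING - gateway MAC also claimed by: $hits" ;;
    *) echo "gateway has no complete ARP entry yet" ;;
esac

# On a live host, feed it the kernel table and the default gateway instead:
#   gw=$(ip route show default | awk '{print $3; exit}')
#   arp_gateway_conflicts "$gw" < /proc/net/arp
```

Unlike a plain duplicate-MAC test, this names the host whose IP shares the gateway's MAC, which is the address to investigate first.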

  6. #6
    Wireshark will pick it up instantly.
