sting is a simple, host-based approach to detecting arp cache poisoning based man in the middle attacks (such as have been made famous by ettercap) on your LAN. it simply uses SNMP to periodically query the arp cache of your router and make sure its entry for you is correct. if it finds your entry has been replaced by something bogus, it sends you an alert. it is written in java for some strange reason.

assumptions:

external packages sting requires (that are not in the SE):

and if you don't even have a JRE you can get one here

to-do list:

thanks to Jonathan Sevy for writing the snmp package, and to Portland State University, Jim Binkley and David Burns for providing network lab access for testing.