An Interactive Visualization Tool for Teaching ARP Spoofing Attack

Verizon’s Data Breach Investigations Report states that local area network (LAN) access as the top vector for insider threats and misuses. In Ethernet, the common vulnerabilities come from Address Resolution Protocol (ARP). It is critical for students to learn how attacks on ARP works and learn the countermeasures. In a previous work, authors developed a hands-on lab to help students learn how ARP spoofing attack works by asking them to create and send attack packets. Visualization and simulation is a powerful tool in making students understand the concepts deeper and better. To further enhance learning, we present an interactive visualization tool that intuitively shows the effects of the ARP spoofing attack in real time. The Hacker Graphical User Interface (HGUI) was an interactive visualization tool developed to assists students in learning how a man-in-the-middle attack called ARP Spoofing works, by modeling a controlled ARP Spoofing attack using virtual machines and giving students the ability to alter elements of the attack by interacting with the visualization. This tool was developed using Processing, an open source programming language used in visual arts communities. It runs on virtual machines installed with Kali Linux. It animates attack packets, normal packets, and status of ARP cache. If students have successfully carried out the ARP spoofing attack, they can see the normal packets being routed to the attacking machine and the victim’s ARP cache being poisoned. We will evaluate and present the effectiveness of this tool in this paper.