Journal of Theoretical and Applied Information Technology 31 st August 2019. Vol.97. No 16 © 2005 – ongoing JATIT & LLS ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195 4259 COMPARATIVE STUDY ON METHODS USED IN PREVENTION AND DETECTION AGAINST ADRESS RESOLUTION PROTOCOL SPOOFING ATTACK TSEHAY ADMASSU ASSEGIE 1 , PRAMOD SEKHARAN NAIR 2 1 Lecturer. Aksum University, Department of Computing Technology, Aksum, Ethiopia 2 Professor. Medi-Caps University Indore, Department of Computer Science and Engineering, MP, India E-mail: 1 tsehayadmassu2006@gmail.com, 2 pramodsnair@yahoo.com Correspondence E-mail: tsehayadmassu2006@gmail.com ABSTRACT Address Resolution Protocol spoofing attack is the most common type of local area network attacks. This is because the protocol packet does not contain any authentication information, which indicates the origins of reply packet. Therefore, all of the devices in Local Area Network are vulnerable to this attack. A tool like, ARPspoof can be used to generate a forged Address Resolution Protocol reply packet to perform the attack, even without any knowledge of the details behind address resolution process. The existence of such automated tools has created a hole for the attackers to easily attack a host in a local area network. And although it is underestimated attack, this attack opens the door for much sophisticated form of attacks, such as Man-in-Middle attack or even domain name system spoofing and many more sophisticated forms of attacks. In this paper, we will explore different tools and methods used in detection and prevention of Address Resolution Protocol Spoofing attack. The ARPspoof tool will be used to send spoofed Address Resolution Protocol reply packet to a host in local area network to further study how a host maintains the address resolution protocol cache table with the spoofed or a fake media access control, MAC cache table. Finally, we will compare the tools and methods used in detection and prevention against Address Resolution Protocol Spoofing attack in terms of their effectiveness in detection and prevention of the attack and system performance requirements. Keywords: ARP Spoofing, ARP Spoofing Attack, Packet Sniffing, ARP Inspection, Network Security 1. INTRODUCTION The Address Resolution Protocol is the portion of TCP/IP protocol set used for associating Media Access Control destination to the Internet Protocol destination for physical reachability between devices in a network. The Ethernet next hop must be discovered before data encapsulation is accomplished and Ethernet Frame is forwarded to hosts in a local area network. In order to take place communication in local area network, the lower layer address should be mapped to higher layer address. To make this association, an Address Resolution Protocol is used. Moreover, to avoid unnecessary generation of additional broadcast network traffic and to improve network performance an Address Resolution Protocol is required. Data link forwarding relies on the knowledge of the MAC address of the data link destination. The source must be aware of the target MAC address to which data should be transmitted. To transmit data at a data link layer, the forwarding host should have information of the lower layer address of the destination device to which Ethernet frame is to be forwarded. If the ARP cache table of a device is empty, then the device has to learn or resolve the upper layer address to lower layer address to physically reach the destination of the device [1, 2, 3]. The device learns the Media Access Control address through the Address Resolution Protocol process. Address Resolution Protocol process is required to resolve the Media Access Control address, to the internet protocol address. When a device needs to transmit any network traffic to another device for the very first time, the address resolution process is required. The device broadcasts an Address