Anyone have experience of using ARP Watch to monitor arp poisonning attack in network? I have windows machines in different VLANS. I want to monitor any ARP poisonning activity in my network. I checked with ARP watch in Ubintu Linux machine. Tried the ARPwatch machine in a single LAN Segment, I am getting emails, when new machines found in network. But not getting any notifications when ARP Posining occurs between one of my windows machines and gateway. Any idea?
Also I want to know weather I can use ARPWATCH machine in my SPAN Port to detect ARP Poisonning in all VLAN .Please share