Intrusion detection systems (IDS) are critical tools designed to detect and prevent unauthorized access and potential network threats. While IDS is well-established in traditional wired networks, deploying them in wireless environments presents distinct challenges, including limited computational resources and complex infrastructure configurations. Packet sniffing and man-in-the-middle (MitM) attacks also pose significant threats, potentially compromising sensitive data and disrupting communication. Traditional security measures like firewalls may not be sufficient to detect these sophisticated attacks. This paper implements a network intrusion detection system that monitors a computer network to detect Address Resolution Protocol spoofing attacks in real-time. The system comprises three host machines forming the network. Using Kali Linux, a bash script is deployed to monitor the network for signs of address resolution protocol (ARP) poisoning. An email alert system is integrated into the bash script, running in the background as a service for the network administrator. Various ARP spoofing attack scenarios are performed on the network to evaluate the efficiency of the network IDS. Results indicate that deploying IDS as a background service ensures continuous protection against ARP spoofing and poisoning. This is crucial in dynamic network environments where threats may arise unexpectedly.

Address resolution protocol poisoning; Address resolution protocol spoofing; Intrusion detection systems; Man-in-the-middle attacks; Wireless network