How can you identify the attacking host during an ARP-based MiTM Attack?
Identifying which MAC address is falsely assigned to another network host
Identifying the network host which sends an unusual high amount of requests
Identifying the network host openining a VPN connection
Identifying who modified the file /etc/shadow