I'm trying to create a python script to detect ARP poisoning on WiFi networks. I'm using scapy and wireshark to check scapy's output. I'm stuck trying to see all ARP traffic on the network, I can only see packets sent by me and broadcasted ones. Is this correct or should I see all traffic? My intention is to see a ARP response saying IP 192.168.1.1 is at attackers_Mac
and based on this, alert about attack.
Thank you.