By using a number of different technologies, macmon is able to gather information on the operating system of an endpoint device as well as the domain name and computer name or the complete list of open and closed networking ports. From the very beginning this greatly enhances the visibility on the entire network and enables you to categorize and identify your endpoint devices on a deeper level.
In the background, macmon is going to compare the information gained with existing data to completely prevent address spoofing as well as attempted attacks. Man-in-the-middle attacks such as ARP spoofing and ARP poisoning are being detected and averted by macmon acting as your central security authority. Even duplicate IP addresses and MAC spoofing attempts are going to follow an alert and the immediate isolation of the affected device.