The shield in the main window is an button for start and stop the protection. Also it is indicator activity of service in real time.

For correctly work of modes invulnerability and recovery, you need to have the root and busybox, which must contain the arp utility. The default mode (arp check) does not require the root or busybox.

If you are using one of modes which requires root access, it is recommended to configure root manager so that the permissions is granted automatically, for guarantee correct work if protection service will be restarted (eg, system will relaunch app or update it).

For the test you need to have any program, which contains arp spoofer. Wifikill or interceptor traffic, it does not matter, because they all work on the same principle.

Check of ARP spoofer: Before moving to the ARP Guard testing, recommended to check the arp spoofer works to make sure that everything is configured correctly. It is not necessary to enable the protection for this test, just open the ARP Guard main window. Under the start button you can see current MAC address of the gateway and BSSID. What is needed:
1) Look at the MAC address of the gateway before the ARP Spoofing launch.
2) Run the arp spoofing. The gateway MAC address will change immediately. If this did not happen, then something is wrong and you need to check the settings in the arp spoofer.
So, MAC address of the gateway changed, the attack was successful. Now you need to turn off the ARP Spoofer, disconnect the device (on which installed the ARP Guard) from the WiFi network and connect again for clearing arp table.

Things to remember when testing the program in any mode: before moving on to testing, make sure the arp spoofer is not active, and the mac address of the gateway is correctly. If arp spoofing alrady works, please disable it and reconnect the device to the network again. If you want the application to respond to the attack, which began before connection to the network (or protection launch), you need to use 'bssid analysis' function, however, you first need to familiarize with possible problems when using this function.

Testing in the standard mode: Launch the protection. Then run arp spoofer. The application will react to the attack, showing a notification. Wi-fi will turn off automatically if this feature is enabled in the settings.

Testing in the invulnerability mode: Launch the protection. Then run arp spoofer. In the main window you can see that the MAC address of the gateway has not changed during the attack, the attack has failed.

Testing in the recovery mode: Launch the protection. Then run arp spoofer. The application will react to the attack, showing a notification. Also you can see in the main window as the MAC address of the gateway has been restored to the original. Program registers gateway address as permanent, so further attacks will be impossible. That is why app will not show warnings notifications when attack, until device will be not reconnect to the network.

App shows warning with gateway as attacker: likely the 'BSSID analysis' function is active. Solutions:
1) Add "attacker" address to the trusted addresses (you can find it in app menu)
2) Disable 'BSSID analysis' in the settings

Nothing happens when testing of program:
1) Check the protection mode. Attack notifications will not received at using invulnerability mode. At using recovery mode notifications will be shown only once, until reconnect to the network.
2) ARP spoofer must not works before protection launching. Also check the mac address of gateway at the moment of test. If you do not use bssid analysis, the attack must be started after launching of protection service (or connection of device to network).
3) Read carefully the section "Method of testing", to make sure that everything is done correctly.

If you can not solve your problem, or you have any questions about this app, you may contact to my email