The embodiment of the invention discloses a method of automatically detecting host-passing-off ARP (Address Resolution Protocol) spoofing. The method of automatically detecting host-passing-off ARP spoofing includes a data acquisition method and an ARP spoofing detection method, wherein a data acquisition program uses an SNMP (Simple Network Management Protocol) to automatically obtain an ARP table of three-layer equipment on time and saving the ARP table in a database; the ARP spoofing detection method includes an initial screening stage and an analysis determination stage and includes the following steps: initially screening and obtaining the record that the number of different IP (Internet Protocol) addresses corresponding to one MAC (Media Access Control) address in the database is greater than one threshold; performing analysis and determination on each MAC address of the initial screening result; and through a white list, analysis of the value of ipNetToMediatype, analysis of the distribution range and the tense change rule of IP addresses, and other technical means, eliminating the special situations that the address is the own MAC address of a router and other network devices and a plurality of virtual machines are running on one computer, determining that the address is the ARP spoofing.