-
Notifications
You must be signed in to change notification settings - Fork 11
/
arp-spoofing-detect.py
47 lines (40 loc) · 1.34 KB
/
arp-spoofing-detect.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Implementing ARP Spoof Attack Detection Using Scapy
# import modules
import scapy.all as scapy
import time, sys
# code to get MAC Address
def mac(ipadd):
# requesting arp packets from the IP address
# if it's wrong then will throw error
arp_request = scapy.ARP(pdst=ipadd)
br = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_req_br = br / arp_request
list_1 = scapy.srp(arp_req_br, timeout=5,
verbose=False)[0]
return list_1[0][1].hwsrc
# taking interface of the system as an argument
# to sniff packets inside the network
def sniff(interface):
# store=False tells sniff() function
# to discard sniffed packets
scapy.sniff(iface=interface, store=False,
prn=process_sniffed_packet)
# defining function to process sniffed packet
def process_sniffed_packet(packet):
# if it is an ARP packet and if it is an ARP Response
if packet.haslayer(scapy.ARP) and packet[scapy.ARP].op == 2:
# originalmac will get old MAC whereas
originalmac = mac(packet[scapy.ARP].psrc)
# responsemac will get response of the MAC
responsemac = packet[scapy.ARP].hwsrc
def slowprint(s):
for c in s + '\n' :
sys.stdout.write(c)
sys.stdout.flush()
time.sleep(10. / 100)
try:
# machine interface is "eth0", sniffing the interface
sniff(input("\033[92m [*] Enter Interface : "))
except KeyboardInterrupt:
slowprint("\n\033[91m [-] Exiting...")
time.sleep(2)