-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy patharpspoof_detector.py
More file actions
30 lines (22 loc) · 940 Bytes
/
arpspoof_detector.py
File metadata and controls
30 lines (22 loc) · 940 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import scapy.all as scapy
def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast / arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]
if len(answered_list) == 0:
print(f"[!] No response for IP: {ip}")
return None
return answered_list[0][1].hwsrc
def sniff(interface):
scapy.sniff(iface = interface, store = False, prn = process_sniffed_packet)
def process_sniffed_packet(packet):
if packet.haslayer(scapy.ARP) and packet[scapy.ARP].op == 2:
try:
real_mac = get_mac(packet[scapy.ARP].psrc)
response_mac = packet[scapy.ARP].hwsrc
if real_mac != response_mac:
print("ALERT! POSSIBLE INTRUSION DETECTED")
except IndexError:
pass
sniff("eth0") # name of the internet lan interface you are targeting