• Div0 Blog Editor

Tiny Tool to Watch Out for ARP Poisoning

Recently I created a simple script for someone to watch out for malicious, or just any, ARP changes in their local cache.

The script just watches the ARP table and reports when modified. The script uses Python and BSD ARP tool. Do take note of the variations of Python version no., dependencies and ARP output.

from time import sleep  
import threading, subprocess

arps = dict()

class check(threading.Thread):  
  def run(self):  
    while True:  
      arplines = subprocess.check_output(“arp -a | awk ‘{print $2 , $4}'”, shell=True).split(‘\n’)  
      for line in arplines:  
        if line.split():  
          k=line.split()[0]  
          v=line.split()[1]  
          if k in arps and arps[k] != v:  
            print “ALERT! MAC Address changed for+ k  arps[k] = v
     print arps  sleep(5)  return 0

main = check()  
main.start()

Author

Kristo Helasvuo, Guest Author.

 
  • Facebook
  • Twitter
  • YouTube

Contact Us

Terms of Use | Code of Conduct

All rights reserved.

Division Zero (Div0) © 2017-2020.

Edgis © 2011-2017.