Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

Tiny Tool to Watch Out for ARP Poisoning

15 Jun 2015

Recently I had the pleasure of creating a small script for someone to watch out for malicious, or just any, ARP changes in their local cache. This is what I came up with, in the academic context, so it is provided here for anyone who finds it suitable and good.

 

The script itself does not do much magic: it just watches the ARP table and reports when changes occur. It might be useful as part of a larger project, or just for fun, to educate your curious mind about practical oddities in cyber security. It is written to run under Python and uses the BSD ARP tool. Beware of Python variations, dependencies and different ARP output.

 

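from time import sleep
import subprocess
import threading

# Last MAC address seen for each IP, keyed by the "(ip)" field of `arp -a`.
arps = dict()

class check(threading.Thread):
    def run(self):
        while True:
            # BSD-style `arp -a` prints "? (ip) at mac on iface ...",
            # so awk field 2 is the IP and field 4 is the MAC.
            # text=True (Python 3.7+) returns str instead of bytes.
            arplines = subprocess.check_output(
                "arp -a | awk '{print $2 , $4}'", shell=True, text=True).split('\n')
            for line in arplines:
                fields = line.split()
                if len(fields) >= 2:  # skip blank lines and lines without a MAC field
                    k = fields[0]
                    v = fields[1]
                    if k in arps and arps[k] != v:
                        print("ALERT! MAC Address changed for " + k)
                    arps[k] = v

            print(arps)
            sleep(5)

main = check()
main.start()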
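The caveat about differing ARP output, as an added example that is not the author's script: it matches `(ip) at mac` with a regex instead of awk field positions, so BSD/macOS and Linux net-tools `arp -a` output both parse, and it goes one step beyond the post by also flagging a single MAC that answers for several IPs. The function names and the sample tables are constructed for illustration.

```python
import re
from collections import defaultdict

# "(ip) at mac" appears in both BSD/macOS and Linux net-tools `arp -a` output.
ARP_ENTRY = re.compile(r"\((?P<ip>[0-9.]+)\)\s+at\s+(?P<mac>\S+)")
HEX_OCTET = re.compile(r"[0-9A-Fa-f]{1,2}")

def parse_arp(output):
    """Return {ip: mac} for resolved unicast entries, MACs zero-padded and lowercased."""
    table = {}
    for m in ARP_ENTRY.finditer(output):
        octets = m.group("mac").split(":")
        if len(octets) != 6 or not all(HEX_OCTET.fullmatch(o) for o in octets):
            continue  # "(incomplete)", "<incomplete>" or other non-MAC text
        if int(octets[0], 16) & 1:
            continue  # broadcast/multicast MACs are legitimately shared
        # BSD prints "2:0:0:aa:0:1"; pad so it compares equal to "02:00:00:aa:00:01"
        table[m.group("ip")] = ":".join(o.zfill(2).lower() for o in octets)
    return table

def compare(previous, current):
    """Alerts for IPs whose MAC changed and for MACs answering for several IPs."""
    alerts = []
    for ip, mac in sorted(current.items()):
        if ip in previous and previous[ip] != mac:
            alerts.append(("mac-changed", ip, previous[ip] + " -> " + mac))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac-shared", mac, ", ".join(sorted(ips))))
    return alerts

# Constructed samples (locally administered MACs), not captured from a real network.
BEFORE = """\
? (192.168.1.1) at 2:0:0:aa:0:1 on en0 ifscope [ethernet]
? (192.168.1.23) at 2:0:0:bb:0:17 on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""
AFTER = """\
_gateway (192.168.1.1) at 02:00:00:bb:00:17 [ether] on eth0
? (192.168.1.23) at 02:00:00:bb:00:17 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
"""

if __name__ == "__main__":
    for alert in compare(parse_arp(BEFORE), parse_arp(AFTER)):
        print(*alert)
```

A `mac-shared` alert can also be benign, for example a router that holds several addresses on one interface, so treat it as a prompt to check rather than proof of poisoning.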
