from scapy.allimport Ether, ARP, srp, sniff, conf
defget_mac(ip):"""
Returns the MAC address of `ip`, if it is unable to find it
for some reason, throws `IndexError`
"""
p = Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip)
result = srp(p, timeout=3, verbose=False)[0]return result[0][1].hwsrc
defprocess(packet):# if the packet is an ARP packetif packet.haslayer(ARP):# if it is an ARP response (ARP reply)if packet[ARP].op ==2:try:# get the real MAC address of the sender
real_mac = get_mac(packet[ARP].psrc)# get the MAC address from the packet sent to us
response_mac = packet[ARP].hwsrc
# if they're different, definitely there is an attackif real_mac != response_mac:print(f"[!] You are under attack, REAL-MAC: {real_mac.upper()}, FAKE-MAC: {response_mac.upper()}")except IndexError:# unable to find the real mac# may be a fake IP or firewall is blocking packetspassif __name__ =="__main__":import sys
try:
iface = sys.argv[1]except IndexError:
iface = conf.iface
sniff(store=False, prn=process, iface=iface)