Code for How to Detect ARP Spoof Attack using Scapy in Python Tutorial

detect_arpspoof.py

from scapy.all import Ether, ARP, srp, sniff, conf

def get_mac(ip):
    """
    Returns the MAC address of `ip`, if it is unable to find it
    for some reason, throws `IndexError`
    """
    p = Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip)
    result = srp(p, timeout=3, verbose=False)[0]
    return result[0][1].hwsrc

def process(packet):
    # if the packet is an ARP packet
    if packet.haslayer(ARP):
        # if it is an ARP response (ARP reply)
        if packet[ARP].op == 2:
            try:
                # get the real MAC address of the sender
                real_mac = get_mac(packet[ARP].psrc)
                # get the MAC address from the packet sent to us
                response_mac = packet[ARP].hwsrc
                # if they're different, definitely there is an attack
                if real_mac != response_mac:
                    print(f"[!] You are under attack, REAL-MAC: {real_mac.upper()}, FAKE-MAC: {response_mac.upper()}")
            except IndexError:
                # unable to find the real mac
                # may be a fake IP or firewall is blocking packets
                pass

if __name__ == "__main__":
    import sys
    try:
        iface = sys.argv[1]
    except IndexError:
        iface = conf.iface
    sniff(store=False, prn=process, iface=iface)

Practical Python PDF Processing EBook - Topic - Top

New Tutorials

How to Lock PDFs in Python

How to Build a Twitter (X) Bot in Python

How to Create a Space Invaders Game in Python

How to Crack the Caesar Cipher in Python

How to Implement the Caesar Cipher in Python

Code for How to Detect ARP Spoof Attack using Scapy in Python Tutorial

Tags

New Tutorials

Popular Tutorials