Recently I created a simple script for someone to watch out for malicious, or just any, ARP changes in their local cache.
The script just watches the ARP table and reports when an entry is modified. It uses Python and the BSD `arp` tool. Take note that Python versions, dependencies and `arp` output formats vary between systems.
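```python
# Python 3; relies on BSD-style `arp -a` output (field 2 = IP, field 4 = MAC).
from time import sleep
import threading, subprocess

arps = dict()  # last seen MAC address per IP

class check(threading.Thread):
    def run(self):
        while True:
            # text=True returns str instead of bytes (Python 3.7+)
            arplines = subprocess.check_output(
                "arp -a | awk '{print $2 , $4}'", shell=True, text=True
            ).split('\n')
            for line in arplines:
                fields = line.split()
                if len(fields) >= 2:  # skip blank lines and lines without a MAC field
                    k = fields[0]
                    v = fields[1]
                    # Alert only when a known IP shows up with a different MAC
                    if k in arps and arps[k] != v:
                        print("ALERT! MAC Address changed for " + k)
                    arps[k] = v
            print(arps)
            sleep(5)

main = check()
main.start()
```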
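Since `arp` output differs between systems, the parsing step can be done in Python rather than with awk field positions. The following is an added example, not part of the original script: it parses both BSD-style and Linux net-tools style `arp -a` lines, skips unresolved entries, and goes one step beyond the script above by also flagging a MAC that answers for several IPs. The function names and the sample snapshots are constructed for illustration.

```python
import re

# Matches BSD/macOS and Linux net-tools `arp -a` lines, e.g.
#   ? (192.168.1.1) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
#   gw (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
ENTRY = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at "
                   r"([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})\b")

def normalize_mac(mac):
    """Zero-pad and lowercase, so 0:1A:... and 00:1a:... compare equal."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(output):
    """Return {ip: mac}; unresolved '(incomplete)' entries never match ENTRY."""
    table = {}
    for line in output.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group(1)] = normalize_mac(m.group(2))
    return table

def diff_tables(old, new):
    """Alerts for known IPs whose MAC changed and MACs claimed by several IPs."""
    alerts = []
    owners = {}
    for ip, mac in new.items():
        if ip in old and old[ip] != mac:
            alerts.append(f"CHANGED {ip}: {old[ip]} -> {mac}")
        owners.setdefault(mac, []).append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            alerts.append(f"SHARED {mac}: {', '.join(sorted(ips))}")
    return sorted(alerts)

# Constructed sample snapshots (not captured from a real network).
BEFORE = """\
? (192.168.1.1) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
? (192.168.1.20) at aa:bb:cc:dd:ee:ff on en0 ifscope [ethernet]
? (192.168.1.30) at (incomplete) on en0 ifscope [ethernet]
"""
AFTER = """\
gw (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on eth0
? (192.168.1.20) at AA:BB:CC:DD:EE:FF [ether] on eth0
? (192.168.1.30) at <incomplete> on eth0
"""

if __name__ == "__main__":
    for alert in diff_tables(parse_arp(BEFORE), parse_arp(AFTER)):
        print(alert)
```

A shared MAC is not always hostile (multi-homed hosts and proxy ARP produce it too), so treat it as a prompt to check the gateway entry rather than as proof of spoofing.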
Author
Kristo Helasvuo, Guest Author.