Note: store=False tells sniff() function to discard sniffed packets instead of storing them in memory, this is useful when the script runs for a very long time. More precisely, ARP replies, and then compares between the real MAC address and the response MAC address (that's sent in the packet itself).Īll we need to do now is to call the sniff() function with the callback written above: sniff(store=False, prn=process) Note: Scapy encodes the type of ARP packet in a field called "op" which stands for operation, by default the "op" is 1 or "who-has" which is an ARP request, and 2 or "is-at" is an ARP reply.Īs you may see, the above function checks for ARP packets. # may be a fake IP or firewall is blocking packets Print(f" You are under attack, REAL-MAC: ")
# if they're different, definitely there is an attack # get the MAC address from the packet sent to us Related: Build 24 Ethical Hacking Scripts & Tools with Python BookĪfter that, the sniff() function that we gonna use, takes a callback (or function) to apply to each packet sniffed, let's define it: def process(packet): Result = srp(p, timeout=3, verbose=False) P = Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip) Returns the MAC address of `ip`, if it is unable to find it Then we need a function that given an IP address, it makes an ARP request and retrieves the real MAC address the that IP address: def get_mac(ip): Get: Build 24 Ethical Hacking Scripts & Tools with Python Book Writing the Scriptįirst, let's import what we gonna need (y ou need to install Scapy first, head to this tutorial or the official Scapy documentation for installation) : from scapy.all import Ether, ARP, srp, sniff, conf If they are not the same, then we are definitely under an ARP spoof attack! The real MAC address of the sender (we can easily get it by initiating an ARP request of the source IP address).Īnd then, we compare the two.The source MAC address (that can be spoofed).Once an ARP packet is received, we analyze two components: The basic idea behind the script that we're going to build is to keep sniffing packets (passive monitoring or scanning) in the network. Now, you are maybe wondering, how can we detect these kinds of attacks? well, that's what we are going to do in this tutorial.
In the previous tutorial, we built an ARP spoof script using Scapy that once it is established correctly, any traffic meant for the target host will be sent to the attacker's host.
0 kommentar(er)
