Daniel Illouz Daniel Illouz - 3 months ago 36
Python Question

ARP spoofing defense in scapy

I am trying to do ARP spoofing defense, but my code didn't work. It's my first python program. thanks a lot.
i fix my code but the operation sniff still dont works, it tell my about syntax error, why?

import time
from scapy.all import *

d=dict()
def replay(packet):
global d
while 1:
if(packet[ARP].op==2):
if packet[ARP].psrc in d.keys():
if(d[key]!=packet[ARP].hwsrc):
return "you are under attackt"+" " +packet[ARP].psrc
else:
return "not under attackt"
else:
d[packet[ARP].psrc]=packet[ARP].hwsrc
return "not under attakctp"


sniff(prn=replay,filter="arp",timeout=10)

Answer

This should be closer to what you need, you need to check if ARP is in the packet or you will get an error using pkt[ARP]:

from scapy.all import ARP, sniff # import what you need

d = dict() # don't need global
while 1:
    def replay(pkt):
        if ARP in pkt and pkt[ARP].op == 2: # make sure ARP is in the packet
            if pkt[ARP].psrc in d: # just use in d
                if d[pkt[ARP].psrc] != pkt[ARP].hwsrc:
                    return "you are under attack {}".format(pkt[ARP].psrc)
                else:
                    return "not under attack1"
            else:
                d[pkt[ARP].psrc] = pkt[ARP].hwsrc
                return "not under attack2"

    sniff(prn=replay, filter="arp", timeout=10)

more info in the docs

:~$ sudo python scpy.py 
not under attack2
not under attack2
not under attack1
not under attack1
not under attack1
not under attack1