Daniel Illouz Daniel Illouz - 1 year ago 203
Python Question

ARP spoofing defense in scapy

I am trying to do ARP spoofing defense, but my code didn't work. It's my first python program. thanks a lot.
i fix my code but the operation sniff still dont works, it tell my about syntax error, why?

import time
from scapy.all import *

def replay(packet):
global d
while 1:
if packet[ARP].psrc in d.keys():
return "you are under attackt"+" " +packet[ARP].psrc
return "not under attackt"
return "not under attakctp"


Answer Source

This should be closer to what you need, you need to check if ARP is in the packet or you will get an error using pkt[ARP]:

from scapy.all import ARP, sniff # import what you need

d = dict() # don't need global
while 1:
    def replay(pkt):
        if ARP in pkt and pkt[ARP].op == 2: # make sure ARP is in the packet
            if pkt[ARP].psrc in d: # just use in d
                if d[pkt[ARP].psrc] != pkt[ARP].hwsrc:
                    return "you are under attack {}".format(pkt[ARP].psrc)
                    return "not under attack1"
                d[pkt[ARP].psrc] = pkt[ARP].hwsrc
                return "not under attack2"

    sniff(prn=replay, filter="arp", timeout=10)

more info in the docs

:~$ sudo python scpy.py 
not under attack2
not under attack2
not under attack1
not under attack1
not under attack1
not under attack1
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download