I was wanting to write a program that would catch ARP cache poisons attempts. I was looking into ways to do this in python, I was just wondering what would be the best tactic and library to use? So far I was looking into command and subprocess library and parsing the text from tracert ( get IP of router ), and arp -n routers IP, and checking if it changes every minute or so but I think there is an easier way. Also this proggie will be open source so I will publish the code if you want. I know there are existing programs like this but one most are not open source, and this program will encompass more later, and two I want to learn the intricacies of programs like this.
Programming Security Tool
- Thread starter enigmaz7
- Start date
I haven't started it I am only in development right now, this is going to be a very simple command line program at first it may never reach a GUI, I just wanted a simple program to catch cache poison attempts. The main guts of the program will be when I find out how to check the MAC address, it will be a simple output ( probably with ncurses ) or a print statement saying cache poison attempt.
what's ARP cache poison? here's a link for getting the mac-address in python : http://stackoverflow.com/questions/159137/getting-mac-address
Last edited:
Basically its when someone trys to make themselves look like the router, so they send out a fake ARP packet and tell the person they are trying to infect that they are the router. The way you can tell the difference is that the MAC address of the router changes in your arp cache, thanks for the link I haven't read this one yet. Will get back with the source if I finish the program today.
