[英]Detect ARP scan using python
我想檢測是否有人在網絡上執行ARP掃描並顯示源IP。 意外的ARP請求數量不足以檢測ARP掃描。 這是我的代碼-
import pyshark
cap = pyshark.FileCapture('arpscan.pcap',display_filter='arp.opcode==1 && arp.dst.hw_mac==00:00:00:00:00:00',only_summaries=True)
count=0
for pkt in cap:
count=count+1
if count>10:
print (" ")
print ("Someone is scanning your network!\n\n")
print ("For Attacker's Ip, visit 'Tell' section in summary below\n\n ")
print("----Further details----")
print "No of ARP Request Packet Received: ", count
print("----Summary of ARP packet Received---")
for pkt in cap:
print (pkt)
else:
print ("No ARP scan identified!")
我想提取源IP,即數據包的Tell部分中的IP。 我沒有這樣做。 有人可以告訴我如何顯示源IP嗎?
我找到了解決方案。 可以使用scapy代替pyshark!
from scapy.all import *
packets = sniff(offline=filename,filter='arp')
source=''
source_mac=''
count=0
for pkt in packets:
if pkt[ARP].op==1:
count=count+1
if count==5:
source = pkt.sprintf("%ARP.psrc%")
source_mac = pkt.sprintf("%ARP.hwsrc%")
if count>10:
print "\nSomeone is scanning your network!"
print "Source (IP): ",source
print "Mac Address of Attacker: ",source_mac
else:
print ("No Scan Identified!")
另外,我們可以使用scapy訪問is_at和Tell字段:
operation = packet.sprintf("%ARP.op%")
if operation=="is_at":
#do stuff
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.