How to create a python dictionary containing an ARP table?

Question

I have created a python script to detect an ARP attack. I have already initiated a ARP spoof attack and stored the wireshark capture in a pcap file. Once the code is executed, the code is designed to alert of any possible attack based on the MAC value change.

But how do I create a dictionary in the first place to store the MAC--IP mappings, and then detect when there is a change of values to indicate an alert?

Can anyone guide me please?

from scapy.all import *

mac_table = {}
def main():  
    pkts = rdpcap('/root/Desktop/arp_capture.pcap')
    for packet in pkts: 
        if packet.haslayer(ARP):
        
            if packet[ARP].op == 2:
                try:
                
                    original_mac = req_mac(packet[ARP].psrc)
                
                    new_mac = packet[ARP].hwsrc
                
                    if original_mac != new_mac:
                        print(f"[**] ATTACK ALERT !!!!!! CHECK ARP TABLES !!![**]")
                except IndexError:
                
                    pass

def req_mac(ip):
    
    arp_req = ARP(pdst=ip)
    bcst_req = Ether(dst='ff:ff:ff:ff:ff:ff')
    p = bcst_req/arp_req
    
    result = srp(p, timeout=3, verbose=False)[0]
    return result[0][1].hwsrc


if __name__ == "__main__":
    main()

define a dict at top and try to watch for value changes using a while loop. — ghost21blade, Aug 10 '22 at 10:40
@ghost21blade I have no idea of how to get the dictionary to populate or check values from it for changes....? any help ?? — koshila_dodan, Aug 10 '22 at 11:16
I dont understand your code therefore i cant help you at the moment — ghost21blade, Aug 10 '22 at 11:21
You can use this module to read system's ARP table: [python_arptable](https://pypi.org/project/python_arptable/) — qouify, Aug 15 '22 at 07:21

How to create a python dictionary containing an ARP table?

0 Answers0