解析TCP包

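def parse_tcp_packet(packet):
    """Record the sender of a bare TCP SYN as a suspected attack source.

    Decodes the Ethernet source MAC and the IPv4 source address from a raw
    Ethernet frame, reads the TCP flags byte and, when the flags equal
    ``TCP_SYN`` exactly, stores ``src_mac`` under ``src_ip`` in the
    module-level ``attack_source_dict``.

    Args:
        packet: Raw Ethernet frame (``bytes``) carrying an IPv4/TCP segment.

    Frames too short to hold the TCP flags byte, or with a malformed IHL,
    are ignored instead of raising ``struct.error`` / ``IndexError``.
    """
    # 14-byte Ethernet header, then the IPv4 header; the IHL nibble (low
    # 4 bits of byte 14) gives the IP header length in 32-bit words, so the
    # TCP flags byte sits at 14 + ihl + 13.  The previous fixed offset 47
    # assumed a 20-byte IP header and misread any packet with IP options.
    if len(packet) < 34:
        return
    ihl = (packet[14] & 0x0F) * 4
    if ihl < 20:
        return
    flags_offset = 14 + ihl + 13
    if len(packet) <= flags_offset:
        return
    src_mac = ':'.join('%02x' % b for b in packet[6:12])
    src_ip = socket.inet_ntoa(packet[26:30])
    tcp_flags = struct.unpack('!B', packet[flags_offset:flags_offset + 1])[0]
    # equality, not a mask: only a bare SYN matches, a SYN|ACK does not
    if tcp_flags == TCP_SYN:
        attack_source_dict[src_ip] = src_mac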

监听网络数据包

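def sniff_packets(ifname):
    """Capture raw frames on *ifname* forever and dispatch them by protocol.

    Opens an ``AF_PACKET``/``SOCK_RAW`` socket (needs CAP_NET_RAW, normally
    root) bound to ``ifname`` and loops: ARP frames (EtherType 0x0806) go to
    ``parse_arp_packet``; IPv4 frames (0x0800) go to ``parse_icmp_packet``
    for protocol 1 or ``parse_tcp_packet`` for protocol 6.  Frames shorter
    than ``ETH_LEN`` are dropped.  Never returns normally; the socket is
    closed if the loop is left by an exception (e.g. ``KeyboardInterrupt``).

    Args:
        ifname: Interface name to bind the raw socket to.
    """
    # 65535 holds any frame the kernel can deliver; the old 2048-byte
    # buffer would have truncated larger frames (recvfrom drops the excess).
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL)) as s:
        s.bind((ifname, ETH_P_ALL))
        while True:
            packet = s.recvfrom(65535)[0]
            if len(packet) < ETH_LEN:
                continue
            eth_type = struct.unpack('!H', packet[12:14])[0]
            if eth_type == 0x0806:
                parse_arp_packet(packet)
            elif eth_type == 0x0800:
                # protocol byte is at offset 23 (14-byte Ethernet header +
                # byte 9 of the IPv4 header); ETH_LEN alone does not
                # guarantee it is present, so guard before unpacking
                if len(packet) < 24:
                    continue
                ip_proto = struct.unpack('!B', packet[23:24])[0]
                if ip_proto == 0x01:
                    parse_icmp_packet(packet)
                elif ip_proto == 0x06:
                    parse_tcp_packet(packet)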

检测ICMP Flood攻击

def detect_icmp_flood():
    """Return a Chinese status string saying whether an ICMP flood was seen.

    Reports an attack only when, for some scanned host in ``ip_mac_dict``,
    more than 100 keys of ``attack_source_dict`` equal that host's IP.
    With no scanned hosts the "not attacked" string is returned.

    NOTE(review): ``attack_source_dict`` is a dict, so a given IP occurs at
    most once among its keys; the per-host count is therefore 0 or 1 and
    the ``> 100`` threshold cannot be reached with this data model.
    """
    if not ip_mac_dict:
        return '并没有遭到ICMP Flood攻击'
    for host_ip in ip_mac_dict:
        matches = sum(1 for source_ip in attack_source_dict if source_ip == host_ip)
        if matches > 100:
            return '遭到ICMP Flood攻击'
    return '并没有遭到ICMP Flood攻击'

检测TCP攻击

def detect_tcp_attack():
    """Return a Chinese status string saying whether a TCP attack was seen.

    Reports an attack only when, for some scanned host in ``ip_mac_dict``,
    more than 10 keys of ``attack_source_dict`` equal that host's IP.
    With no scanned hosts the "not attacked" string is returned.

    NOTE(review): as with ``detect_icmp_flood``, dict keys are unique, so
    the per-host count is 0 or 1 and ``> 10`` is never satisfied.
    """
    if not ip_mac_dict:
        return '并没有遭到TCP攻击'
    for host_ip in ip_mac_dict:
        matches = sum(1 for source_ip in attack_source_dict if source_ip == host_ip)
        if matches > 10:
            return '遭到TCP攻击'
    return '并没有遭到TCP攻击'

检测ARP欺骗攻击

def detect_arp_spoofing():
    """Return a Chinese status string saying whether ARP spoofing was seen.

    Walks ``ip_mac_dict`` and reports an attack as soon as one host's MAC
    differs from ``get_mac_address(ifname)`` (``ifname`` is a module-level
    name set elsewhere); an empty table yields the "not attacked" string.

    NOTE(review): the reference value is presumably this interface's own
    MAC, which every other host on the segment differs from — confirm this
    is the intended criterion rather than the MAC learned during the scan.
    """
    if not ip_mac_dict:
        return '并没有遭到ARP欺骗攻击'
    # short-circuits on the first mismatch, exactly like the early return
    mismatch_found = any(mac != get_mac_address(ifname) for mac in ip_mac_dict.values())
    if mismatch_found:
        return '遭到ARP欺骗攻击'
    return '并没有遭到ARP欺骗攻击'

扫描局域网内活动主机的IP地址和MAC地址

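def scan_and_detect(ifname, sender_ip='192.168.197.1'):
    """Scan the LAN on *ifname* and probe each host for an inconsistent ARP reply.

    Rebinds the module-level ``ip_mac_dict`` to ``scan_network(ifname)`` and
    ``attack_source_dict`` to a fresh dict.  Every host whose MAC differs
    from this interface's own MAC is sent an ARP request carrying
    ``sender_ip`` as the sender address; the code then waits 0.1 s and
    reads one ARP reply with a 1 s timeout.  A reply whose ``src_mac`` is
    not the MAC learned by the scan marks that host as an attack source.

    Args:
        ifname: Interface to scan and send on.
        sender_ip: Sender protocol address placed in the ARP request.
            Defaults to the value that was previously hard-coded.

    Returns:
        ``(ip_mac_dict, attack_source_dict)``, the objects the globals now
        refer to.
    """
    global ip_mac_dict, attack_source_dict
    ip_mac_dict = scan_network(ifname)
    attack_source_dict = {}
    # the interface MAC does not change during the scan; look it up once
    own_mac = get_mac_address(ifname)
    for ip, mac in ip_mac_dict.items():
        if mac == own_mac:
            continue
        send_arp_request(ifname, sender_ip, own_mac, ip)
        time.sleep(0.1)
        response = send_arp_reply(ifname, timeout=1)
        # NOTE(review): no reply (None) counts as "not spoofed", and whether
        # a reply from an unrelated host is filtered out depends on
        # send_arp_reply, which is not visible here.
        if response is not None and response['src_mac'] != mac:
            attack_source_dict[ip] = mac
    return ip_mac_dict, attack_source_dict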

保存记录到本地文件

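def save_records():
    """Write the host table, attack sources and verdicts to ``records.txt``.

    Reads the module-level ``ip_mac_dict`` and ``attack_source_dict`` and
    calls ``detect_icmp_flood``, ``detect_tcp_attack`` and
    ``detect_arp_spoofing`` for the verdict lines.  The file is created in
    the current directory and overwritten on every call.
    """
    # assemble everything first so a failing detect_* call does not leave
    # a half-written file behind
    lines = ['活动主机IP地址\t\tMAC地址\n']
    lines.extend(ip + '\t' + mac + '\n' for ip, mac in ip_mac_dict.items())
    lines.append('\n攻击源IP地址\t\tMAC地址\n')
    lines.extend(ip + '\t' + mac + '\n' for ip, mac in attack_source_dict.items())
    lines.append('\nICMP Flood攻击:' + detect_icmp_flood() + '\n')
    lines.append('TCP攻击:' + detect_tcp_attack() + '\n')
    lines.append('ARP欺骗攻击:' + detect_arp_spoofing() + '\n')
    # explicit encoding: the headers are Chinese and the locale-dependent
    # default codec may not be able to encode them
    with open('records.txt', 'w', encoding='utf-8') as f:
        f.writelines(lines)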

创建可视化界面

def scan_network_wrapper(ifname):
    """Run ``scan_network`` on *ifname*, echo the result to stdout, return it.

    The print is a debugging trace; the value handed back is exactly what
    ``scan_network`` produced.
    """
    hosts = scan_network(ifname)
    # debugging trace: show the table before returning it to the caller
    print('Active hosts:', hosts)
    return hosts

创建可视化界面

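def create_gui():
    """Build and run the Tk window with the scan / detect / save buttons.

    Blocks in ``root.mainloop()`` until the window is closed.  The button
    callbacks read the module-level ``ifname`` and rebind the module-level
    ``ip_mac_dict`` and ``attack_source_dict``.
    """
    root = tk.Tk()
    root.title('ARP攻击检测防护软件')
    root.geometry('300x200')

    # scan button: rescan the LAN and replace the host table
    def scan_button_click():
        global ip_mac_dict
        ip_mac_dict = scan_network_wrapper(ifname)  # the wrapper also prints the table
        messagebox.showinfo('提示', '扫描完成')

    scan_button = tk.Button(root, text='扫描', command=scan_button_click)
    scan_button.pack(pady=10)

    # detect button: probe every scanned host, then show the tables and verdicts
    def detect_button_click():
        global attack_source_dict
        attack_source_dict = {}
        own_mac = get_mac_address(ifname)  # looked up once, not per host
        for ip, mac in ip_mac_dict.items():
            if mac == own_mac:
                continue
            send_arp_request(ifname, '192.168.197.1', own_mac, ip)
            # NOTE: the sleep and the 1 s reply wait run on the Tk main
            # thread, so the window is unresponsive while probing
            time.sleep(0.1)
            response = send_arp_reply(ifname, timeout=1)
            if response is not None and response['src_mac'] != mac:
                attack_source_dict[ip] = mac
        # build the report with a join instead of repeated += on a str
        parts = ['IP地址\t\tMAC地址\n']
        parts.extend(ip + '\t' + mac + '\n' for ip, mac in ip_mac_dict.items())
        parts.append('\n攻击源IP地址\t\tMAC地址\n')
        parts.extend(ip + '\t' + mac + '\n' for ip, mac in attack_source_dict.items())
        parts.append('\nICMP Flood攻击:' + detect_icmp_flood() + '\n')
        parts.append('TCP攻击:' + detect_tcp_attack() + '\n')
        parts.append('ARP欺骗攻击:' + detect_arp_spoofing() + '\n')
        messagebox.showinfo('检测结果', ''.join(parts))

    detect_button = tk.Button(root, text='检测', command=detect_button_click)
    detect_button.pack(pady=10)

    # save button: dump the current tables and verdicts to records.txt
    def save_button_click():
        save_records()
        messagebox.showinfo('提示', '记录已保存到本地文件')

    save_button = tk.Button(root, text='保存', command=save_button_click)
    save_button.pack(pady=10)

    root.mainloop()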

主函数

if name == 'main': if len(sys.argv) < 2: print('Usage: python arp_attack_detection.py ') sys.exit(1) ifname = sys.argv[1] create_gui() ip_mac_dict, attack_source_dict = scan_and_detect(ifname) save_records(

# 解析TCP包def parse_tcp_packetpacket src_mac = join02x b for b in packet612 src_ip = socketinet_ntoapacket2630 dst_ip = socketinet_ntoapacket3034 tcp_flags = structunpack!B packet47480 i

