基于Linux的Python实现ARP检测防护软件。设计模块包含:能够获取局域网活动主机的MAC地址、IP地址;能够检测防护ARP攻击行为并记录保存;能够显示出ARP攻击源的MAC地址、IP地址。请用代码详细写出需要调用的py文件。
- 获取局域网活动主机的MAC地址、IP地址的py文件:
import os
import re
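def get_mac_ip(arp_output=None):
    """Return the IP-to-MAC bindings listed in the host's ARP cache.

    Args:
        arp_output: Optional text already captured from ``arp -a``. When
            omitted (the default, matching the old zero-argument call), the
            command is run and its output parsed.

    Returns:
        dict mapping each dotted-quad IP string to the MAC string exactly as
        printed. A later line for the same IP overwrites an earlier one.
    """
    if arp_output is None:
        # The command string is fixed, so no caller data reaches the shell.
        # The context manager closes the pipe, which was previously leaked.
        with os.popen('arp -a') as arp_result:
            arp_output = arp_result.read()

    # Linux net-tools prints "? (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on eth0".
    # The previous pattern required "IP <spaces> MAC" and therefore matched
    # nothing in that layout; both layouts are accepted here.
    entry = re.compile(
        r'\(?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?'
        r'(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})'
    )

    mac_ip_dict = {}
    for line in arp_output.splitlines():
        match = entry.search(line)
        if match:
            mac_ip_dict[match.group('ip')] = match.group('mac')

    # NOTE: the ARP cache is exactly what a spoofed reply overwrites, so this
    # mapping is an observation of current state, not a trusted baseline.
    return mac_ip_dict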
- 检测防护ARP攻击行为,并记录保存的py文件:
import time
import threading
from scapy.all import *
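class ARPDetector:
    """Remember the MAC announced for each IP in ARP replies and flag changes.

    The first reply seen for an IP becomes its baseline. A later reply that
    announces a different MAC for that IP is reported on stdout.

    Limitations a deployer should know:
      * The baseline is trust-on-first-use, and an entry is dropped ``timeout``
        seconds after it was recorded (the timestamp is never refreshed), so
        a conflicting reply that arrives after expiry silently becomes the
        new baseline.
      * Only ARP replies (op 2) are inspected.
      * Alerts are only printed; nothing is written to a log or file.
    """

    def __init__(self, timeout=5):
        """Create the table and start the background expiry thread.

        Args:
            timeout: Seconds an IP-to-MAC entry is kept after being recorded.
        """
        self.timeout = timeout
        self.arp_packets = {}
        # The expiry thread and the sniffer callback both touch arp_packets;
        # without a lock an entry could be deleted between the membership
        # test and the lookup in is_arp_attack, raising KeyError.
        self._lock = threading.Lock()
        # daemon=True replaces the deprecated Thread.setDaemon(True).
        self.detector_thread = threading.Thread(
            target=self.detect_arp_attack, daemon=True
        )
        self.detector_thread.start()

    def detect_arp_attack(self):
        """Expire stale entries once per second; runs forever in the thread."""
        while True:
            cutoff = time.time() - self.timeout
            with self._lock:
                stale = [
                    ip for ip, seen in self.arp_packets.items()
                    if seen['time'] < cutoff
                ]
                for ip in stale:
                    del self.arp_packets[ip]
            time.sleep(1)

    def is_arp_attack(self, packet):
        """Check one sniffed packet against the recorded bindings.

        Always returns None: it is used as a scapy ``prn`` callback, and
        scapy prints any non-None value a callback returns.
        """
        if ARP not in packet or packet[ARP].op != 2:
            return
        ip = packet[ARP].psrc
        mac = packet[ARP].hwsrc
        with self._lock:
            known = self.arp_packets.get(ip)
            if known is None:
                # First reply for this IP: record it as the baseline.
                self.arp_packets[ip] = {'mac': mac, 'time': time.time()}
                return
            conflict = known['mac'] != mac
        if conflict:
            # Print outside the lock so slow output never stalls expiry.
            print(f'ARP attack detected: {ip} is-at {mac}')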
# Module-level detector used by arp_monitor(). Constructing it starts the
# background expiry thread as a side effect of loading this file.
detector = ARPDetector(timeout=5)
def arp_monitor():
    """Sniff ARP traffic and pass every frame to the module-level detector.

    Packets are not stored, so memory use stays flat during long captures.
    """
    sniff(filter='arp', store=False, prn=detector.is_arp_attack)
if __name__ == '__main__':
    # Run the monitor only when executed as a script. Packet capture
    # typically needs root or CAP_NET_RAW on Linux.
    arp_monitor()
- 显示出ARP攻击源的MAC地址、IP地址的py文件:
from scapy.all import *
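def arp_display(packet):
    """Print the sender IP and MAC of each ARP request (op 1) passed in.

    The output lists whoever sent a request, not a confirmed attacker, and
    both printed fields are chosen by the sender of the frame.
    Returns None so scapy's ``prn`` hook prints nothing extra.
    """
    # packet[ARP] raises when the layer is absent, which can happen if the
    # capture filter was not applied, so check before indexing.
    if ARP not in packet:
        return
    arp = packet[ARP]
    if arp.op == 1:
        print(f'IP: {arp.psrc} MAC: {arp.hwsrc}')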
if __name__ == '__main__':
    # Capture ARP frames without storing them and print each request's sender.
    # Packet capture typically needs root or CAP_NET_RAW on Linux.
    sniff(filter='arp', store=False, prn=arp_display)