以下是修改后的完整代码:

import tkinter as tk from tkinter import messagebox import sys import time from scapy.all import *

# Result of the most recent scan: IP address -> MAC address.
# Replaced wholesale by the GUI's scan handler.
ip_mac_dict = dict()

# Hosts flagged by the GUI's detect handler: IP address -> the MAC that was
# recorded for that IP at scan time.
attack_source_dict = dict()

获取本机MAC地址

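def get_mac_address(ifname):
    """Return the MAC address of local interface *ifname* as 'xx:xx:xx:xx:xx:xx'.

    The address is read from ``/sys/class/net/<ifname>/address``.  If *ifname*
    is not a plain interface name, or the file cannot be read, the all-zero
    address '00:00:00:00:00:00' is returned instead of raising.

    Callers compare this value against scanned MACs to skip the local host,
    so the all-zero fallback means "own MAC unknown" and no host is skipped.
    """
    fallback = '00:00:00:00:00:00'
    # ifname comes from the command line and is spliced into a path; refuse
    # anything containing a path separator so the read stays under
    # /sys/class/net.
    if not isinstance(ifname, str) or '/' in ifname or ifname in ('', '.', '..'):
        return fallback
    try:
        # The context manager closes the handle; the original never closed it.
        with open('/sys/class/net/' + ifname + '/address') as f:
            mac = f.readline()
    except (OSError, ValueError):
        # Unknown interface, unreadable file, or a name open() rejects.
        mac = fallback
    # Drop the trailing newline: a MAC in this notation is 17 characters.
    return mac[0:17]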

发送ARP请求

def send_arp_request(ifname, src_ip, src_mac, dst_ip):
    """Broadcast one ARP request asking who has *dst_ip*, on interface *ifname*.

    The frame goes to ff:ff:ff:ff:ff:ff with *src_mac* as the Ethernet source
    and *src_mac* / *src_ip* as the ARP sender fields.  Nothing is returned
    and no reply is awaited here.

    NOTE(review): the sender fields are used exactly as passed in, so a
    detection tool should only ever pass this machine's own addresses.
    """
    arp_fields = dict(
        hwtype=0x1,       # Ethernet
        ptype=0x0800,     # IPv4
        hwlen=6,
        plen=4,
        op=1,             # 1 = request
        hwsrc=src_mac,
        psrc=src_ip,
        hwdst='00:00:00:00:00:00',  # target MAC is what is being asked for
        pdst=dst_ip,
    )
    frame = Ether(dst='ff:ff:ff:ff:ff:ff', src=src_mac, type=0x0806) / ARP(**arp_fields)
    sendp(frame, iface=ifname, verbose=False)

发送ARP响应

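def send_arp_reply(ifname, timeout=1):
    """Capture one ARP reply on *ifname* and return its sender addresses.

    Despite the name, nothing is transmitted: the function sniffs for up to
    *timeout* seconds and returns ``{'src_ip': ..., 'src_mac': ...}`` taken
    from the first ARP reply captured, or ``None`` if none was seen.

    The reply is not matched against any particular request, so a caller that
    cares which host answered must compare ``src_ip`` itself.

    NOTE(review): the callers in this file send the request first and start
    this capture afterwards, so a reply that arrives before the capture is
    running may be missed.
    """
    # arp[7] is the low byte of the ARP opcode; 2 = reply.  count=1 lets
    # sniff() return as soon as one reply is captured instead of always
    # waiting out the full timeout; only the first packet was ever used.
    replies = sniff(iface=ifname, filter='arp and arp[7]=2', count=1, timeout=timeout)
    if not replies:
        return None
    first = replies[0][ARP]
    return {'src_ip': first.psrc, 'src_mac': first.hwsrc}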

检测ICMP Flood攻击

def detect_icmp_flood():
    """Report whether the flagged hosts are sending an unusual amount of ICMP.

    Each IP in the module-level ``attack_source_dict`` is watched for one
    second, and the ICMP packets to or from it are counted.  The counts are
    summed over all flagged hosts and compared with a fixed threshold of 100.
    With no flagged hosts nothing is captured and the result is "not detected".

    NOTE(review): sniff() is called without ``iface``, so the capture runs on
    scapy's default interface rather than the one given on the command line.
    """
    total = sum(
        len(sniff(filter='icmp and host ' + ip, timeout=1))
        for ip in attack_source_dict
    )
    return '存在ICMP Flood攻击' if total > 100 else '未检测到ICMP Flood攻击'

检测TCP攻击

def detect_tcp_attack():
    """Report whether the flagged hosts are producing an unusual amount of TCP.

    Each IP in the module-level ``attack_source_dict`` is watched for one
    second, and the TCP packets to or from it are counted.  The counts are
    summed over all flagged hosts and compared with a fixed threshold of 50.
    With no flagged hosts nothing is captured and the result is "not detected".

    NOTE(review): this is a raw packet count, not a SYN or connection-rate
    check, and sniff() is called without ``iface``, so the capture runs on
    scapy's default interface.
    """
    total = sum(
        len(sniff(filter='tcp and host ' + ip, timeout=1))
        for ip in attack_source_dict
    )
    return '存在TCP攻击' if total > 50 else '未检测到TCP攻击'

检测ARP欺骗攻击

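def detect_arp_spoofing():
    """Re-probe every scanned host and report whether any MAC has changed.

    For each (ip, mac) pair in the module-level ``ip_mac_dict`` whose MAC is
    not this machine's own, an ARP request for that IP is broadcast from the
    local interface, and the next captured reply is compared with the MAC
    recorded at scan time.  Relies on the module-level ``ifname``.

    Returns:
        '存在ARP欺骗攻击' on the first mismatch, otherwise '未检测到ARP欺骗攻击'.
    """
    local_mac = get_mac_address(ifname)  # loop-invariant, so read it once
    for ip, mac in ip_mac_dict.items():
        if mac == local_mac:
            continue
        # Probe from this machine's own MAC, with the same hard-coded sender
        # IP that scan_network() uses.  The original passed (ip, mac) as the
        # sender and so put frames carrying another host's addresses on the
        # wire; it then compared the MAC of whoever answered for
        # 192.168.197.1 with that host's MAC.
        send_arp_request(ifname, '192.168.197.1', local_mac, ip)
        time.sleep(0.1)
        response = send_arp_reply(ifname, timeout=1)
        # The capture returns any ARP reply on the segment; only one that
        # claims to speak for this IP says anything about this IP.
        if (response is not None
                and response['src_ip'] == ip
                and response['src_mac'] != mac):
            return '存在ARP欺骗攻击'
    return '未检测到ARP欺骗攻击'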

扫描局域网内活动主机的IP地址和MAC地址

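def scan_network(ifname, subnet_prefix='192.168.197.', src_ip='192.168.197.1'):
    """ARP-sweep host numbers 1-254 of a /24 and return the hosts that answered.

    Args:
        ifname: interface to send and capture on.
        subnet_prefix: first three octets with a trailing dot.  Defaults to
            the subnet the original hard-coded.
        src_ip: sender IP placed in the ARP requests.  Defaults to the value
            the original hard-coded.

    Returns:
        dict mapping each answering IP to the MAC it answered with.

    Each probe waits 0.1 s and then captures for up to 1 s, so a full sweep
    takes on the order of minutes when few hosts answer.
    """
    # Read the local MAC once; the original re-read sysfs for all 254 probes.
    local_mac = get_mac_address(ifname)
    active_hosts = {}
    for host in range(1, 255):
        send_arp_request(ifname, src_ip, local_mac, subnet_prefix + str(host))
        time.sleep(0.1)
        response = send_arp_reply(ifname, timeout=1)
        if response is not None:
            # Keyed by the address in the reply, not the address probed: the
            # capture returns whichever ARP reply it sees first.
            # NOTE(review): a second reply for an IP already seen silently
            # overwrites the first; two MACs answering for one IP is itself a
            # spoofing indicator and may deserve to be recorded.
            active_hosts[response['src_ip']] = response['src_mac']
    return active_hosts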

保存记录到本地文件

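def save_records():
    """Write the last scan and the current detection results to ``records.txt``.

    The report lists the module-level ``ip_mac_dict`` and
    ``attack_source_dict``, followed by the verdicts of detect_icmp_flood(),
    detect_tcp_attack() and detect_arp_spoofing(), which are run as part of
    this call.

    The original also ran scan_network(ifname) first and discarded the result;
    that full sweep never influenced the file, so it is no longer performed.
    """
    lines = ['活动主机IP地址\t\tMAC地址\n']
    lines.extend(ip + '\t' + mac + '\n' for ip, mac in ip_mac_dict.items())
    lines.append('\n攻击源IP地址\t\tMAC地址\n')
    lines.extend(ip + '\t' + mac + '\n' for ip, mac in attack_source_dict.items())
    # Run the detectors before the file is opened, so a failure in one of
    # them does not leave a truncated report behind.
    lines.append('\nICMP Flood攻击:' + detect_icmp_flood() + '\n')
    lines.append('TCP攻击:' + detect_tcp_attack() + '\n')
    lines.append('ARP欺骗攻击:' + detect_arp_spoofing() + '\n')

    # The report contains non-ASCII text; an explicit encoding keeps the write
    # from depending on the locale.
    # NOTE(review): the path is relative and the file is overwritten.  If the
    # tool runs with elevated privileges, start it from a directory only the
    # operator can write to.
    with open('records.txt', 'w', encoding='utf-8') as f:
        f.writelines(lines)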

创建可视化界面

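def create_gui():
    """Build the three-button window (scan / detect / save) and run its event loop.

    The handlers read the module-level ``ifname`` and replace the module-level
    ``ip_mac_dict`` / ``attack_source_dict``.  They run on the Tk main thread,
    so the window does not respond while a scan or detection is in progress.
    Does not return until the window is closed.
    """
    root = tk.Tk()
    root.title('ARP攻击检测防护软件')
    root.geometry('300x200')

    # Scan button: sweep the subnet and remember who answered.
    def scan_button_click():
        global ip_mac_dict
        ip_mac_dict = scan_network(ifname)
        messagebox.showinfo('提示', '扫描完成')

    scan_button = tk.Button(root, text='扫描', command=scan_button_click)
    scan_button.pack(pady=10)

    # Detect button: re-probe every scanned host and flag the ones whose
    # reply no longer matches the MAC seen during the scan.
    def detect_button_click():
        global attack_source_dict
        attack_source_dict = {}
        local_mac = get_mac_address(ifname)  # loop-invariant, read once
        for ip, mac in ip_mac_dict.items():
            if mac == local_mac:
                continue
            send_arp_request(ifname, '192.168.197.1', local_mac, ip)
            time.sleep(0.1)
            response = send_arp_reply(ifname, timeout=1)
            # The capture returns any ARP reply on the segment; require that
            # it speaks for this IP before treating a MAC difference as a
            # conflict.  The original compared against whatever reply came.
            if (response is not None
                    and response['src_ip'] == ip
                    and response['src_mac'] != mac):
                # Stores the MAC recorded at scan time, as the original did,
                # not the conflicting MAC that just answered.
                attack_source_dict[ip] = mac

        parts = ['IP地址\t\tMAC地址\n']
        parts.extend(ip + '\t' + mac + '\n' for ip, mac in ip_mac_dict.items())
        parts.append('\n攻击源IP地址\t\tMAC地址\n')
        parts.extend(ip + '\t' + mac + '\n' for ip, mac in attack_source_dict.items())
        parts.append('\nICMP Flood攻击:' + detect_icmp_flood() + '\n')
        parts.append('TCP攻击:' + detect_tcp_attack() + '\n')
        parts.append('ARP欺骗攻击:' + detect_arp_spoofing() + '\n')
        messagebox.showinfo('检测结果', ''.join(parts))

    detect_button = tk.Button(root, text='检测', command=detect_button_click)
    detect_button.pack(pady=10)

    # Save button: write the report to records.txt.
    def save_button_click():
        save_records()
        messagebox.showinfo('提示', '记录已保存到本地文件')

    save_button = tk.Button(root, text='保存', command=save_button_click)
    save_button.pack(pady=10)

    root.mainloop()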

主函数

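# Script entry point.  The page rendering stripped the double underscores from
# __name__ / '__main__', dropped the argument placeholder from the usage text,
# and cut off the closing parenthesis of the final call; all three are
# restored here.
if __name__ == '__main__':
    # The only argument is the network interface to scan and capture on.
    if len(sys.argv) < 2:
        print('Usage: python arp_attack_detection.py <ifname>')
        sys.exit(1)
    # Module-level on purpose: the detection and GUI functions read it as a global.
    ifname = sys.argv[1]
    create_gui()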
