基于Linux的ARP攻击检测防护软件设计与实现
以下是一个基于Python实现的简单ARP攻击检测防护软件的代码示例:
import os
import socket
import struct
import subprocess
import time
from tkinter import *
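# ICMP flood detection
def detect_icmp_flood():
    """Report whether ICMP traffic on eth0 arrives fast enough to look like a flood.

    Runs ``tcpdump -c 100 -nn -i eth0 icmp`` for at most ``window`` seconds.
    If tcpdump collects all 100 packets before the deadline the rate is
    treated as a flood; otherwise the capture is stopped and no flood is
    reported. The result is printed, nothing is returned.

    The interface name and the 100-packets-per-window threshold are
    hard-coded heuristics; they are not derived from a traffic baseline and
    should be tuned for the monitored network.
    """
    # Without a deadline the capture blocks until 100 packets have arrived,
    # so a quiet link would hang the caller and "100 packets" would say
    # nothing about rate.
    window = 5  # seconds
    cmd = ['tcpdump', '-c', '100', '-nn', '-i', 'eth0', 'icmp']
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=window)
    except subprocess.TimeoutExpired:
        # Fewer than 100 ICMP packets were seen inside the window.
        print('没有检测到ICMP Flood攻击')
        return
    except OSError as exc:
        # tcpdump is missing or could not be started.
        print('无法运行tcpdump:', exc)
        return

    # tcpdump prints its "N packets captured" summary on stderr, so it must
    # be read from there rather than from stdout.
    if '100 packets captured' in proc.stderr:
        print('检测到ICMP Flood攻击')
    elif proc.returncode != 0:
        # e.g. insufficient privileges or an unknown interface
        print('tcpdump执行失败:', proc.stderr.strip())
    else:
        print('没有检测到ICMP Flood攻击')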
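# TCP attack detection
def detect_tcp_attack():
    """Report whether TCP traffic on eth0 exceeds a simple packet-rate threshold.

    Runs ``tcpdump -c 100 -nn -i eth0 tcp`` for at most ``window`` seconds and
    prints a detection message only if all 100 packets are captured before
    the deadline. Nothing is returned.

    NOTE(review): the capture filter matches every TCP packet, so ordinary
    traffic on a busy host can reach the threshold. Treat a positive result
    as a prompt to investigate, not as proof of an attack; a narrower filter
    and a per-network baseline are needed for a usable signal.
    """
    # Bound the capture: without a deadline the call blocks until 100
    # packets arrive, and packet count alone carries no rate information.
    window = 5  # seconds
    cmd = ['tcpdump', '-c', '100', '-nn', '-i', 'eth0', 'tcp']
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=window)
    except subprocess.TimeoutExpired:
        # Fewer than 100 TCP packets were seen inside the window.
        print('没有检测到TCP攻击')
        return
    except OSError as exc:
        # tcpdump is missing or could not be started.
        print('无法运行tcpdump:', exc)
        return

    # The "N packets captured" summary is written to stderr, not stdout.
    if '100 packets captured' in proc.stderr:
        print('检测到TCP攻击')
    elif proc.returncode != 0:
        # e.g. insufficient privileges or an unknown interface
        print('tcpdump执行失败:', proc.stderr.strip())
    else:
        print('没有检测到TCP攻击')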
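# ARP spoofing detection
def detect_arp_attack():
    """Run arpwatch on eth0 for a bounded time and report a matching output line.

    The combined stdout/stderr of ``arpwatch -i eth0`` is searched for the
    marker ``arpwatch: ethernet address``. When a line carries the marker, a
    detection message is printed together with the third and fifth
    whitespace-separated fields of that line as source IP and MAC. Nothing is
    returned.

    NOTE(review): arpwatch is normally run as a background service that
    reports through the system log; if the installed build detaches, this
    call never sees the marker and each invocation may leave another
    arpwatch process behind. Confirm against the installed version and
    consider reading arpwatch's log instead. The marker text and the field
    positions come from the original code and are not verified against real
    arpwatch output.
    """
    marker = 'arpwatch: ethernet address'
    try:
        proc = subprocess.run(
            ['arpwatch', '-i', 'eth0'],
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            text=True,
            timeout=10,  # arpwatch may never exit on its own; do not block forever
        )
        output = proc.stdout
    except subprocess.TimeoutExpired as exc:
        # Keep whatever was printed before the deadline; it may arrive as bytes.
        partial = exc.stdout or ''
        if isinstance(partial, bytes):
            partial = partial.decode(errors='replace')
        output = partial
    except OSError as exc:
        # arpwatch is missing or could not be started.
        print('无法运行arpwatch:', exc)
        return

    # Pick the most recent line that actually contains the marker instead of
    # assuming it is the second-to-last line of the output.
    hits = [line for line in output.splitlines() if marker in line]
    if not hits:
        print('没有检测到ARP欺骗攻击')
        return

    print('检测到ARP欺骗攻击')
    fields = hits[-1].split()
    if len(fields) >= 5:
        print('攻击源IP地址:', fields[2])
        print('攻击源MAC地址:', fields[4])
    else:
        # A short line would otherwise raise IndexError.
        print('无法解析攻击源信息:', hits[-1])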
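# Scan the local network and collect the IP and MAC address of each active host
def scan_hosts():
    """Run ``arp-scan --localnet`` and return the hosts that replied.

    Returns:
        A list of ``(ip, mac)`` string tuples, one per reply row. The list is
        empty when arp-scan cannot be started.
    """
    try:
        proc = subprocess.run(
            ['arp-scan', '--localnet'], capture_output=True, text=True
        )
    except OSError as exc:
        # arp-scan is missing or could not be started.
        print('无法运行arp-scan:', exc)
        return []

    hex_digits = set('0123456789abcdefABCDEF')
    hosts = []
    for line in proc.stdout.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, mac = parts[0], parts[1]

        # A bare "':' in line" test also matches banner and summary lines,
        # which would be recorded as bogus hosts. Accept a row only if it
        # starts with a well-formed IPv4 address followed by a MAC address.
        try:
            socket.inet_pton(socket.AF_INET, ip)
        except OSError:
            continue
        octets = mac.split(':')
        if len(octets) != 6:
            continue
        if not all(len(o) == 2 and set(o) <= hex_digits for o in octets):
            continue

        hosts.append((ip, mac))
    return hosts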
# Persist the scan results to a local file
def save_to_file(hosts):
    """Write each host as an ``ip mac`` line to ``hosts.txt``.

    Args:
        hosts: Iterable of pairs whose first two items are the IP and MAC
            strings.

    The file is opened in ``'w'`` mode relative to the current working
    directory, so any existing ``hosts.txt`` there is replaced.
    """
    with open('hosts.txt', 'w') as out:
        out.writelines(entry[0] + ' ' + entry[1] + '\n' for entry in hosts)
# Graphical interface
def create_gui():
    """Build the Tk window with the detection and scan buttons and run its event loop.

    Each button calls its handler directly from the Tk callback, so the
    window does not process events while a handler is running.
    """
    window = Tk()
    window.title('ARP攻击检测防护软件')

    # Row 1: one button per detector.
    detect_row = Frame(window)
    detect_row.pack(side=TOP, pady=10)
    Label(detect_row, text='ARP攻击检测:').pack(side=LEFT)
    detectors = (
        ('检测ICMP Flood', detect_icmp_flood),
        ('检测TCP攻击', detect_tcp_attack),
        ('检测ARP欺骗攻击', detect_arp_attack),
    )
    for caption, handler in detectors:
        Button(detect_row, text=caption, command=handler).pack(side=LEFT, padx=10)

    # Row 2: scan the LAN and store the result in hosts.txt.
    def scan_and_save():
        save_to_file(scan_hosts())

    scan_row = Frame(window)
    scan_row.pack(side=TOP, pady=10)
    Label(scan_row, text='扫描和记录活动主机:').pack(side=LEFT)
    Button(scan_row, text='扫描', command=scan_and_save).pack(side=LEFT, padx=10)

    window.mainloop()
# Start the GUI only when the file is executed as a script, not on import.
if __name__ == '__main__':
    create_gui()
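该代码实现了一个基本的ARP攻击检测防护软件,包括三个独立的模块:ICMP Flood检测、TCP攻击检测和ARP欺骗攻击检测。同时还实现了扫描和记录局域网内活动主机的IP地址和MAC地址,并将记录保存在本地文件上。可视化界面使用了Python的tkinter模块实现。需要注意:代码依赖外部工具tcpdump、arpwatch和arp-scan(抓包和扫描通常需要root权限),网卡名固定为eth0;代码只做检测与记录,并未实现主动防护,其中ICMP/TCP检测只是按抓包数量做的粗略判断,不能单独作为攻击判定依据。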