

ARP poisoning with Python.  - teawithcarl
http://danmcinerney.org/arp-poisoning-with-python-2

======
gwu78
Can a user spot ARP poisoning?

How about static ARP entries and taking note when any hostname-to-ether-
address mapping changes?

ARP monitoring with BSD

    
    
      arp -s hostname ether_addr
    

Then

    
    
      [ -f arp.dat ]||>arp.dat
      arpwatch -df arp.dat
    

Or what if the user disables ARP on the interface? Assuming driver was named
"eth" as in GNU/Linux:

    
    
      ifconfig eth0 -arp

~~~
Daviey
Err, I think you are missing the point. We know ARP poisioning can be
mitigated by using tools like arpwatch.

That isn't the point of this article.. I don't think it suggests it's any more
reliable than existing methods to poison.

Generally, It's a great example of using scapy - in a nice clean manner.
Thanks.

