Arp packets are an indicator of what machines are active on your network. ArpSpyX will passively sniff your network for ARP packets and display the IP and MAC address of the machine that generated the packet.

Possible uses of ArpSpyX include:
-Easily gather MAC Addresses of network machines remotely
-Quickly identify new clients on your wireless network
-Identify ARP Poisoning attacks by tracking multiple MAC Addresses for a single IP Address

To find out more about the Address Resolution Protocol (ARP), you can check out[url=http://www.faqs.org/rfcs/rfc826.html] RFC 826[/url]

[b]Requirements[/b]
ArpSpyX uses pcap and requires privileged access in order to sniff packets on the network. Therefore, you must allow non-privileged users the ability to read the bpf devices by issuing the following commands. NOTE: This allows other non-root users to sniff packets from your machine, so make sure you really want to do this: $ sudo chmod go+r /dev/bpf*

download [url=http://thebends.org/~allen/code/ArpSpyX.dmg]ArpySpy 1.0[/url]
or [url=http://thebends.org/cgi-bin/cvsweb.cgi/ArpSpyX]browse cvs source code[/url]

by Allen Porter

---

Filed under: OSX security tools - @ September 2, 2004 9:27 pm