ArpSpyX: Monitor arp packets

Posted by deepquest on September 2, 2004 – 9:27 pm

Arp packets are an indicator of what machines are active on your network. ArpSpyX will passively sniff your network for ARP packets and display the IP and MAC address of the machine that generated the packet.

Possible uses of ArpSpyX include:
-Easily gather MAC Addresses of network machines remotely
-Quickly identify new clients on your wireless network
-Identify ARP Poisoning attacks by tracking multiple MAC Addresses for a single IP Address

To find out more about the Address Resolution Protocol (ARP), you can check out[url=http://www.faqs.org/rfcs/rfc826.html] RFC 826[/url]

[b]Requirements[/b]
ArpSpyX uses pcap and requires privileged access in order to sniff packets on the network. Therefore, you must allow non-privileged users the ability to read the bpf devices by issuing the following commands. NOTE: This allows other non-root users to sniff packets from your machine, so make sure you really want to do this: $ sudo chmod go+r /dev/bpf*

download [url=http://thebends.org/~allen/code/ArpSpyX.dmg]ArpySpy 1.0[/url]
or [url=http://thebends.org/cgi-bin/cvsweb.cgi/ArpSpyX]browse cvs source code[/url]

by Allen Porter

This post is under “OSX security tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Hackers hijack federal computers USB key authentication on OSX (10.3) »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

ArpSpyX: Monitor arp packets

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL