What is Scapy?

Scapy is a packet manipulation tool for computer networks, originally written in Python. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery. It runs on Linux, macOS, and Windows but the latest versions of Scapy support Windows out-of-the-box, so it is possible to use all the Scapy’s features on a Windows Machine also. Scapy can perform the following 

• Crafting any packet and encoding it
• Sniffing network packets
• Sending valid/invalid frames
• Injecting your own 802.11 frames
• Editing network packets
• Scanning the network
• Tracerouting and Probing
• Attacking Networks and discovery of networks.

ARP Spoofing is also known as ARP Poisoning which is a type of cyberattack in which a malicious user sends falsified ARP (Address Resolution Protocol) messages over a LAN (Local Area Network). This results in the linking of an attacker’s MAC Address with the IP Address of a legitimate computer or server on the network.

Here we’ll perform passive monitoring or scanning to sniff the packets in the network after we receive one ARP Packet there are two things to be analyzed, on comparing them if they don’t match then the user is under ARP Spoof attack. In order to spoof and detect the ARP Packets inside the network use Scapy with Python to perform the detection of ARP Packets with the help of MAC Address and Interface.

• Source MAC Address
• Real MAC Address of the sender