Forum Thread: Acceptable Methods

I've been working on an ARP poisoning (MitM) script, I plan on writing a how-to once I've completed it. In the script I need to find the MAC address of the victim and the router, the way I'm doing it now works just fine but I'm wondering if any of you could suggest a more acceptable method?

I'm currently using subprocess to call system commands, this simply pings the target once and then reads the attackers ARP cache as seen below.

Get The Weekly Null Byte Newsletter

Never miss a Null Byte guide.

3 Responses

Try nmap, if it's on a Linux machine. nmap -sP I think :)


It works, but just a little overkill IMO? A simple bash script like this does that all 8 lines, and thats done to make it look pretty. A simple "ping -c <ip> && arp -a" works fine for what you want.

Problem solved, I managed to adapt some code from my ARP scanner.

Share Your Thoughts

  • Hot
  • Active