Forum Thread: Acceptable Methods

I've been working on an ARP poisoning (MitM) script, and I plan on writing a how-to once I've completed it. In the script I need to find the MAC address of the victim and the router. The way I'm doing it now works just fine, but I'm wondering if any of you could suggest a more acceptable method?

I'm currently using subprocess to call system commands; this simply pings the target once and then reads the attacker's ARP cache as seen below.


3 Responses

Try nmap, if it's on a Linux machine. nmap -sP I think :)


It works, but just a little overkill IMO? A simple bash script like this does that all 8 lines, and that's done to make it look pretty. A simple "ping -c <ip> && arp -a" works fine for what you want.

Problem solved, I managed to adapt some code from my ARP scanner.
