I've been working on an ARP poisoning (MitM) script, and I plan on writing a how-to once I've completed it. In the script I need to find the MAC address of the victim and the router. The way I'm doing it now works just fine, but I'm wondering if any of you could suggest a more acceptable method?
I'm currently using subprocess to call system commands; this simply pings the target once and then reads the attacker's ARP cache, as seen below.

3 Responses
Try nmap, if it's on a Linux machine. nmap -sP I think :)
Robyn
It works, but just a little overkill IMO? A simple bash script like this http://termbin.com/qsu1 does all that in 8 lines, and that's done to make it look pretty. A simple "ping -c 1 <ip> && arp -a" works fine for what you want.
Problem solved; I managed to adapt some code from my ARP scanner.
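An added example, not code from this thread: on Linux the ARP cache discussed above can be read from `/proc/net/arp` without spawning `ping` or `arp`, and the same parsed table shows the footprint ARP poisoning leaves on a host, one MAC address claimed by several IPs. The sample table is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/net/arp (not captured data).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        eth0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:14     *        eth0
192.168.1.37     0x1         0x2         aa:bb:cc:00:00:01     *        eth0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
ATF_COM = 0x02  # kernel flag: entry is complete (an ARP reply was received)

def parse_arp_table(text):
    """Return {ip: mac} for complete entries only."""
    entries = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        mac = mac.lower()
        if not int(flags, 16) & ATF_COM or not MAC_RE.match(mac):
            continue  # incomplete entry: the host never answered
        entries[ip] = mac
    return entries

def lookup_mac(entries, ip):
    """MAC for ip, or None if the cache holds no complete entry for it."""
    return entries.get(ip)

def shared_macs(entries):
    """Return {mac: [ips]} for every MAC that more than one IP resolves to."""
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def read_live_table(path="/proc/net/arp"):
    """Parse the running host's ARP cache (Linux only)."""
    with open(path) as fh:
        return parse_arp_table(fh.read())

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    print(lookup_mac(table, "192.168.1.20"))
    print(shared_macs(table))
```

A shared MAC is a lead to investigate rather than proof: proxy ARP and hosts with several addresses on one interface produce the same pattern.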