From 07cd0c662496ab918771914249ccd676693d3818 Mon Sep 17 00:00:00 2001
From: DanMcInerney <dan.h.mcinerney@gmail.com>
Date: Sun, 3 Feb 2013 15:57:38 -0700
Subject: [PATCH] first commit

---
 arp-ping-detector.py | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100755 arp-ping-detector.py

diff --git a/arp-ping-detector.py b/arp-ping-detector.py
new file mode 100755
index 0000000..2a3aba7
--- /dev/null
+++ b/arp-ping-detector.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+
+import logging
+logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
+from scapy.all import *
+conf.verb=1
+import time
+
+MACtest = []
+pktTime = [] 
+detectTimer = 0
+
+def monitor(pkt):
+
+	global MACtest
+	global pktTime
+	global detectTimer
+
+	MACcounter = 0
+	timeCounter = 0
+	sourceMAC = pkt.sprintf('%ARP.hwsrc%')
+	pktTime.append(time.mktime(time.gmtime())) 
+	pktDif = [pktTime[i+1]-pktTime[i] for i in range(len(pktTime)-1)]
+
+	if len(MACtest) < 8:
+		MACtest.append(sourceMAC)
+		for a in MACtest:
+			if a == sourceMAC:
+				MACcounter += 1
+		if MACcounter == 7:
+			for b in pktDif:
+				if b == 0:
+					timeCounter += 1	
+			if timeCounter == 6:
+				curTimer = time.mktime(time.gmtime())
+				lastDet = curTimer - detectTimer
+				print "LAST DETECT: %d" % lastDet 	
+				if lastDet > 30:
+					detectTimer = time.mktime(time.gmtime())
+					print "DETECTED*******************************"
+			MACcounter = 0
+			timeCounter = 0
+
+	else:
+		MACtest = []
+		pktTime = [] 
+		print "CLEARED"
+
+	print [pktTime[i+1]-pktTime[i] for i in range(len(pktTime)-1)]
+	print "MACtest: %s\n" % MACtest
+
+sniff(store=0, filter='arp', prn=monitor, iface="wlan0")