Skip to content

megaproes/arp-sniffer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
docs
docs
 
 
include
include
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

arp-sniffer

Minimal ARP sniffer for Linux built on raw AF_PACKET sockets. Parses ARP requests/replies and prints them in text, CSV, or JSON. Supports auto-picking a sane default interface and optional promiscuous mode.

Quick start

make                      # build
sudo ./arp-sniffer \
  [-i IFACE] [-n COUNT] \
  [-f text|csv|json] [-P|--no-promisc]
# use -h/--help for details

Requires Linux and a C toolchain. Run as root or grant the binary CAP_NET_RAW:

sudo setcap cap_net_raw=eip ./arp-sniffer

Demo

ARP sniffer demo

TODO

  • GARP detection - Request where SPA == TPA and dest MAC is broadcast
  • Structured output: CSV/JSON as option
  • CLI options: -i <iface>, -p/--no-promisc, -c <count>, -f json|text
  • Stats & detection: Track (IP => MAC) mappings, detect duplicates, add counters.
  • Filtering: optional BPF/cls filter for selective capture.
  • Tests: more parser cases (replies, truncation, wrong EtherType, invalid fields).
  • Portability: currently Linux-only; add Windows later.
  • Add optional tcpdump-style 'who-has'/'is-at' output

License

MIT — see LICENSE.

About

Minimal ARP sniffer in C (Linux AF_PACKET)

Topics

arp arp-scan layer2

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages