ARP responder using Python / scapy

arp_responder.py

# Horrible bodge for when ESP82xx devices are not responding to ARP requests any more.
# This script can run anywhere on the subnet. It listens for ARP requests and responds
# with the MAC address in macDict based on the IP address.
#
# Note that it will ONLY respond if the IP address is found in macDict below.
#
# Please be careful with this tool. If wrongly configured, network breakage could occur.
#
# Requires scapy (pip install scapy) and tcpdump. Running tcpdump usually requires root
# so this script will need to be run as root.
#
# TODO: It would be great if the script could be improved to only send a response if we do
# not see a response on the wire within a second or so. At the moment we are blindy assuming
# that the ARP response is not coming. This will involve a lot more logic to keep track of what
# ARP requests have come in, and if they have been answered or not.

from __future__ import print_function
from scapy.all import *
import time

# Your network broadcast address
broadcastNet = "192.168.100.255"

macDict = { "192.168.100.152" : "60:01:94:98:97:c6",
            "192.168.100.149" : "68:c6:3a:a7:d3:40"}
            
# Use MAC address of this machine as source. If not eth0, change this:            
myMAC = get_if_hwaddr('eth0')

def handle_packet(packet):
    if packet[ARP].op == ARP.who_has:
        #print("Someone is asking about " + packet.pdst)
        #print(packet.summary())
        
        if packet.pdst in macDict:
            print("Sending ARP response for " + packet.pdst)
            reply = ARP(op=ARP.is_at, hwsrc=macDict[packet.pdst], psrc=packet.pdst, hwdst="ff:ff:ff:ff:ff:ff", pdst=broadcastNet)
            go = Ether(dst="ff:ff:ff:ff:ff:ff", src=myMAC) / reply
            sendp(go)
    return

# Sniff for ARP packets. Run handle_packet() on each one
sniff(filter="arp",prn=handle_packet)

Hi, thanks for the script. I do get this error though:

Traceback (most recent call last):
  File "macfix.py", line 42, in <module>
    sniff(filter="arp",prn=handle_packet)
  File "/home/ps/.local/lib/python2.7/site-packages/scapy/sendrecv.py", line 1036, in sniff
    sniffer._run(*args, **kwargs)
  File "/home/ps/.local/lib/python2.7/site-packages/scapy/sendrecv.py", line 989, in _run
    session.on_packet_received(p)
  File "/home/ps/.local/lib/python2.7/site-packages/scapy/sessions.py", line 82, in on_packet_received
    result = self.prn(pkt)
  File "macfix.py", line 30, in handle_packet
    if packet[ARP].op == ARP.who_has:
  File "/home/ps/.local/lib/python2.7/site-packages/scapy/base_classes.py", line 254, in __getattr__
    raise AttributeError(attr)
AttributeError: who_has

Maybe who_has is not correct in recent tcp-dump?

Quick update, it seems to work with this fix: 'who-has' instead if ARP.who_has