WEBVTT 00:01.360 --> 00:01.760 Okay. 00:01.760 --> 00:07.440 And now we have these packet sniffer program that we, uh, created. 00:07.480 --> 00:07.920 Okay. 00:08.760 --> 00:14.320 I also created ARP spoof detector, uh, program here. 00:14.360 --> 00:14.560 Okay. 00:14.600 --> 00:23.480 I just created this file, and we are going to use some of this function that is here, uh, to create 00:23.520 --> 00:26.320 a detector LP detector. 00:26.360 --> 00:27.320 Okay. 00:27.360 --> 00:31.280 So here we have a sniff function, get URL, get login. 00:31.280 --> 00:34.560 We don't need a lot of this. 00:34.600 --> 00:34.880 Okay. 00:34.880 --> 00:39.160 Let me copy all and everything from here. 00:39.200 --> 00:40.160 Right in here. 00:40.160 --> 00:44.400 And then I will remove some of these functions. 00:44.440 --> 00:44.640 Okay. 00:44.640 --> 00:46.520 We don't need the get URL. 00:46.560 --> 00:46.760 Okay. 00:46.800 --> 00:50.240 Because we are not going to use it uh, in this program. 00:50.240 --> 00:52.360 And also we don't need HTTP here. 00:54.520 --> 00:58.480 And also we don't need all this stuff here. 00:59.360 --> 00:59.760 Okay. 01:00.480 --> 01:01.120 Perfect. 01:01.480 --> 01:13.010 The thing we need is scapy dot sniff Iface is equal to interface store is equal to false equal to process. 01:13.010 --> 01:15.170 Net package, which is a callback function. 01:15.170 --> 01:17.490 And we created the callback function right here. 01:18.610 --> 01:19.570 And. 01:22.330 --> 01:23.170 That is it okay. 01:23.690 --> 01:31.730 Here we need to add something like while we are capturing the package I want to see the information 01:31.730 --> 01:34.170 which is uh, inside that. 01:34.610 --> 01:37.050 Um, and I'm going to find out what is it. 01:37.050 --> 01:37.890 Okay. 01:37.890 --> 01:42.730 So here let's use if, if our package. 01:44.810 --> 01:50.210 If package dot as layer okay. 01:52.170 --> 01:56.210 We had Skippy dot AARP. 01:57.450 --> 02:04.090 And here we are going to use and this package um. 02:06.330 --> 02:12.970 As Skippy dot AARP if you are trying to use the AARP. 02:12.970 --> 02:18.650 So we use AARP if we are going to use, for example, the row we use, copy that row, anything. 02:19.130 --> 02:21.450 We can get that from here. 02:21.930 --> 02:25.650 And also we had another thing called OP okay. 02:25.690 --> 02:28.650 This is going to be equal to number two. 02:29.450 --> 02:34.930 So if this is equal to number two then we need to print this. 02:35.770 --> 02:40.690 This is going to be packet dot show okay. 02:41.250 --> 02:44.490 So now let me save this and let's go back here. 02:46.170 --> 02:57.490 Here I'm going to use AARP A and I'm going to find out what is uh you see this is the Mac address for 02:57.690 --> 03:00.570 our uh, for the router okay. 03:00.570 --> 03:05.130 And now I'm trying to do something like. 03:07.530 --> 03:10.330 Uh, do the attack from windows. 03:10.330 --> 03:13.770 But before that, let's go to this location. 03:13.770 --> 03:15.850 City document. 03:17.450 --> 03:22.220 Here we have ARP spoof detector. 03:22.580 --> 03:23.020 Okay. 03:24.340 --> 03:26.180 And here I need to use. 03:26.180 --> 03:26.900 I need to run this. 03:26.940 --> 03:27.180 Okay. 03:27.220 --> 03:35.220 So, uh, Python r spoof detector, hit enter, provide your password. 03:35.220 --> 03:35.660 Right now. 03:35.660 --> 03:37.660 You see, it is doing nothing. 03:37.700 --> 03:41.860 Okay, now let's come back here because we don't have here anything, okay? 03:41.860 --> 03:44.580 We're not capturing anything in the data. 03:44.620 --> 03:49.220 Let's come back here and try to do the attack. 03:49.260 --> 03:56.380 Go to cmd and here let's use Python ARP underscore spoof okay. 03:58.180 --> 04:01.380 And let's come back here. 04:01.380 --> 04:07.340 Here you see that we get this data okay. 04:09.580 --> 04:11.660 And let's use Ctrl C. 04:12.820 --> 04:13.900 Let's come back here. 04:16.180 --> 04:19.260 And use ARP Dash A. 04:19.300 --> 04:21.460 Let's see if it is changed or not. 04:23.660 --> 04:26.500 Here you see this is the IP for the router. 04:26.500 --> 04:30.540 And also this is the Mac address for MyFitnessPal router or the physical address for router. 04:30.940 --> 04:33.660 But now you see that it is changed. 04:33.660 --> 04:35.500 It got changed. 04:35.500 --> 04:35.780 Okay. 04:35.820 --> 04:37.340 Why it is changed? 04:37.340 --> 04:43.860 That is because we have done an attack from Windows on Kali Linux, and right now you see that it is 04:43.900 --> 04:44.180 changed. 04:44.220 --> 04:49.700 It got changed and we got this little information here okay. 04:51.660 --> 04:55.420 Like destination see source, destination source. 04:55.980 --> 05:01.420 And also we have all and everything here like ERP. 05:03.700 --> 05:07.620 ERP ERP we are here. 05:07.620 --> 05:11.100 We are only capturing the ERP packet okay. 05:12.220 --> 05:12.500 So. 05:14.700 --> 05:18.620 Uh right now this is it okay. 05:18.620 --> 05:28.020 Let's go in the next lecture, complete this program and uh, find out if someone is doing attack on 05:28.020 --> 05:29.540 our machine or not. 05:29.780 --> 05:32.980 So let's go and complete this program. 05:33.020 --> 05:35.180 ERP is both detector.