awk script detects man-in-the-middle?

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#1 Post by Wognath »

Hello,
I found a purported man-in-the-middle detector here. I think that the script looks for the mac address of the router and warns if it changes. But I don't know how. The script is basically

Code:

while true; do sleep 5; awk '{if(x[$4]++) exit 1;}' /proc/net/arp || [print a warning] ; done
I'm not using this script, but it bugs me not to understand it :? Can someone explain the awk syntax? Thanks in advance.

User avatar
MochiMoppel
Posts: 2084
Joined: Wed 26 Jan 2011, 09:06
Location: Japan

#2 Post by MochiMoppel »

Hmm... the script sends a warning if it finds a duplicated MAC address in the ARP table, but I don't see how it would know if the MAC address has been changed. As long as all addresses are unique, no warning is triggered.

Anyway, you might understand the syntax better by examining the famous one-liner which deletes duplicate lines. See also the comments.
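
The `x[$4]++` idiom discussed above, run over constructed copies of `/proc/net/arp` so it can be tried offline. This is an added example, not code from the thread or from the linked page; the function names are my own. It shows why the bare one-liner exits 1 on the second sighting of a MAC, and it adds the two refinements a practitioner would want: skipping the header line and the kernel's incomplete entries (Flags `0x0`, all-zero MAC), which otherwise look like a duplicate, and printing which IPs share the MAC.

```shell
#!/bin/sh
# Added example, not code from the thread: the duplicate-MAC check from the
# first post, run over constructed copies of /proc/net/arp so it works offline.
# Field layout of a /proc/net/arp data line:
#   $1 IP address  $2 HW type  $3 Flags  $4 HW address  $5 Mask  $6 Device
# The header line splits into more fields; its $4 is the word "type".

# Constructed tables (not captured from a real host).
ARP_CLEAN='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.20     0x1         0x2         66:77:88:99:aa:bb     *        eth0'

# Two IPs resolving to the same MAC: the gateway and one other host.
ARP_DUP='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.20     0x1         0x2         66:77:88:99:aa:bb     *        eth0
192.168.1.37     0x1         0x2         00:11:22:33:44:55     *        eth0'

# Two unresolved (incomplete) entries, shown by the kernel with Flags 0x0 and
# an all-zero MAC. They share a "MAC" without anything being wrong.
ARP_INCOMPLETE='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.1.51     0x1         0x0         00:00:00:00:00:00     *        eth0'

# The one-liner exactly as posted. x[$4]++ yields the count seen so far
# *before* incrementing, so it is 0 (false) the first time a MAC appears and
# non-zero the second time, at which point awk exits with status 1.
# Returns 0 when every MAC is unique, 1 when some MAC appears twice.
check_dup_raw() {
    printf '%s\n' "$1" | awk '{ if (x[$4]++) exit 1 }'
}

# Same idea, with two refinements: skip the header and incomplete entries,
# and report which IPs share the MAC so the warning says something useful.
check_dup() {
    printf '%s\n' "$1" | awk '
        BEGIN { dup = 0 }
        NR == 1 || $3 == "0x0" { next }     # header line, unresolved entries
        { ips[$4] = ips[$4] " " $1 }        # remember every IP per MAC
        x[$4]++ { dup = 1 }                 # second sighting of this MAC
        END {
            for (m in x) if (x[m] > 1) printf "MAC %s claimed by%s\n", m, ips[m]
            exit dup
        }'
}

# Run directly: the bare check raises a false alarm on the incomplete table,
# the filtered check does not, and both flag the real duplicate.
check_dup_raw "$ARP_INCOMPLETE" || echo "raw check on incomplete table: duplicate reported (false alarm)"
check_dup "$ARP_INCOMPLETE" && echo "filtered check on incomplete table: clean"
check_dup "$ARP_DUP" || echo "filtered check on duplicate table: duplicate reported"
```

To use it against the live table, pass `"$(cat /proc/net/arp)"` to `check_dup` inside the `while true; do sleep 5; ...; done` loop from the first post. Note that the duplicate only appears while the attacker's own IP is still in your ARP table alongside the entry it has poisoned; once that entry ages out, the table is "unique" again even though the gateway MAC is wrong.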

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#3 Post by Wognath »

Thank you for the explanation and link. Awk is very cryptic. I had done a lot of googling without finding that syntax.

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#4 Post by Wognath »

My original question was about awk syntax, but since the moderator changed the subject ;) ...I have some questions about mitm
Another script from http://teh-geek.com?p=595 does what I thought the first one did: it checks for the mac address by

Code:

gateway=$(ip route show | awk '(NR == 1) { print $3}')  
macaddr=$(arp $gateway | awk '(NR == 2) { print $3}')
and then re-checks periodically and warns if the mac address changes.

Questions:
1) Is it necessary to supply the gateway in the second line? I get the same result with just arp | awk ...
2) Am I right that this script is pointless unless I can be sure my initial connection is to the coffee-shop router and not to the guy at table 3?
3) Regarding the first script, why would one expect a mitm to produce a duplicate mac entry?

Thanks in advance.

P.S. I don't need a mitm detector, I'm just trying to learn something about this stuff.
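
A worked version of the gateway-MAC baseline check described in the post above, as an added example that is not code from the thread or from teh-geek.com. It runs on constructed copies of `ip route show` and `/proc/net/arp`, so it works offline; the function names are my own. It picks the gateway by matching the word `default` rather than line 1 of the route output, looks up the gateway's own row in the ARP table by IP rather than taking line 2 of `arp` output, skips incomplete entries, and distinguishes "MAC changed" from "gateway not in the table".

```shell
#!/bin/sh
# Added example, not from the thread or from teh-geek.com: a gateway-MAC
# baseline check built on constructed copies of `ip route show` and
# /proc/net/arp, so it runs offline. Hypothetical function names.

# Constructed `ip route show` output (not captured from a real host).
ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20 metric 100'

# Constructed ARP tables: before, and after 192.168.1.1 has been re-mapped to
# the MAC that belonged to 192.168.1.20 (the pattern an ARP-spoofing MITM leaves).
ARP_BEFORE='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.20     0x1         0x2         66:77:88:99:aa:bb     *        eth0'

ARP_AFTER='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         66:77:88:99:aa:bb     *        eth0
192.168.1.20     0x1         0x2         66:77:88:99:aa:bb     *        eth0'

# Gateway IP: match the line that says "default" instead of trusting line 1.
gateway_ip() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $3; exit }'
}

# MAC for one IP, taken straight from /proc/net/arp: $1 is the IP, $3 the
# flags, $4 the MAC. Incomplete entries (Flags 0x0) are ignored. Looking up
# the gateway's own row is what ties the result to the gateway rather than
# to whichever host happens to occupy the second line of `arp` output.
gateway_mac() {   # $1 = gateway IP, $2 = ARP table text
    printf '%s\n' "$2" | awk -v gw="$1" '
        NR > 1 && $1 == gw && $3 != "0x0" { print $4; exit }'
}

# Compare the current MAC with a baseline recorded earlier.
# Returns 0 unchanged, 1 changed, 2 gateway not (yet) in the table.
check_gateway() {   # $1 = baseline MAC, $2 = gateway IP, $3 = ARP table text
    cur=$(gateway_mac "$2" "$3")
    if [ -z "$cur" ]; then
        echo "gateway $2 not in ARP table, cannot tell"
        return 2
    fi
    if [ "$cur" != "$1" ]; then
        echo "WARNING: gateway $2 was $1, now $cur"
        return 1
    fi
    return 0
}

# Run directly: record the baseline from the first table, then re-check.
gw=$(gateway_ip "$ROUTES")
baseline=$(gateway_mac "$gw" "$ARP_BEFORE")
echo "gateway $gw baseline MAC $baseline"
check_gateway "$baseline" "$gw" "$ARP_BEFORE" && echo "check 1: unchanged"
check_gateway "$baseline" "$gw" "$ARP_AFTER" || echo "check 2 returned $?"
```

For live use, replace the constructed strings with `"$(ip route show)"` and `"$(cat /proc/net/arp)"` and call `check_gateway` from a `while sleep 5; do ...; done` loop. The check can only report that the MAC differs from the baseline: it says nothing about whether the baseline itself was recorded while talking to the real router, and a legitimate router replacement or a DHCP-assigned change of gateway will also trip it, so treat a warning as a prompt to verify, not as proof.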

User avatar
Karl Godt
Posts: 4199
Joined: Sun 20 Jun 2010, 13:52
Location: Kiel,Germany

awk is un-useful

#5 Post by Karl Godt »

AWK is some interpreter developed by whoever.

And I say thanks to that developer!

But AWK is seldom used by me, except for

Code:

<command> | awk '{print $X}'
Hate (g)AWK more than Jews or Arabs ..

Started to eat regional food like "Mettwurst"..

Charles V. ..
«Give me GUI or Death» -- I give you [[Xx]term[inal]] [[Cc]on[s][ole]] .
Macpup user since 2010 on full installations.
People who want problems with Puppy boot frugal :P
