Script to detect ARP spoofing

I want to try and do a script that will detect devices that distribute incorrect mac address detail in “fraudulent ARP packets” and add their addresses to a blacklist.

The idea is that the script will sniff arp packets and if the reply-mac address is different to the known mac address for the default gateway the associated IP address will be blacklisted.

I looked at /tool mac-scan as a possible option to inspect the mac-address/ip-address pairs. If I then detect any false information with mac-scan the idea is to start the packet sniffer and find the illegitimate address.

Has anybody else done scripting to do something similar or have any other suggestions how to achieve this?

I have not made any significant progress with my idea of the script but I have solved my problem in the sense that the hacker is no longer able to “steal” sessions with arp spoofing as per the detail of the following post:

http://forum.mikrotik.com/t/32-subnet-mask-to-prevent-arp-spoofing/26921/1
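The check described in the post, as an added example that is not part of the original thread and is not RouterOS script: Python that parses raw Ethernet/ARP frames and counts every sender MAC that claims the gateway's IP address without being the known gateway MAC. It goes slightly beyond the post by inspecting the sender fields of ARP requests as well as replies, since both can update a neighbour's ARP cache. All function names, addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(oper, sender_mac, sender_ip, target_ip="192.0.2.10"):
    """Build a constructed 42-byte broadcast Ethernet/ARP frame for the demo."""
    header = b"\xff" * 6 + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)  # Ethernet, IPv4, opcode
    arp += mac_bytes(sender_mac) + IPv4Address(sender_ip).packed
    arp += bytes(6) + IPv4Address(target_ip).packed
    return header + arp

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac_text(frame[22:28]), str(IPv4Address(frame[28:32]))

def find_gateway_spoofers(frames, gateway_ip, gateway_mac):
    """Count ARP frames that claim gateway_ip with a MAC other than gateway_mac."""
    offenders = Counter()
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or truncated
        sender_mac, sender_ip = parsed
        if sender_ip == gateway_ip and sender_mac != gateway_mac.lower():
            offenders[sender_mac] += 1  # blacklist candidate
    return dict(offenders)

# Constructed sample traffic (documentation IPs, locally administered MACs).
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "02:00:00:00:00:01"
SAMPLE_FRAMES = [
    build_arp(2, GATEWAY_MAC, GATEWAY_IP),            # genuine gateway reply
    build_arp(2, "02:00:00:00:00:66", GATEWAY_IP),    # reply claiming the gateway IP
    build_arp(2, "02:00:00:00:00:66", GATEWAY_IP),    # same claim repeated
    build_arp(1, "02:00:00:00:00:77", GATEWAY_IP),    # request with gateway IP as sender
    build_arp(2, "02:00:00:00:00:20", "192.0.2.20"),  # ordinary host, ignored
]

if __name__ == "__main__":
    print(find_gateway_spoofers(SAMPLE_FRAMES, GATEWAY_IP, GATEWAY_MAC))
```

The key the function reports is the MAC address rather than an IP address, because in a forged packet the sender IP is the gateway's own.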