PROGRAMMING A NETWORK SCANNER/ARP PROTOCOL

2 min read
0

# Network scanner

  • there Discover all devices on the network
  • Display there IP addresss
  • Display there MAC address
THE VIRTUAL MACHINE[VM] REQUIRE AN EXTERNAL ADAPTER TO SEARCH IP/MAC ADDRESS THE INBUILT WIFI ADAPTER WOULD NOT WORK!!

#CODES

  • ifconfig

the virtual interface created by virtual box/when we use kali machine to use nat network!
#VM THINK THAT IT IS CONNECTED TO A WIRED NETWORK

DISCOVER ALL DEVICES CONNECTED TO THE SAME NETWORK #CODE

  • netdiscover -r 10.0.2.1/16
#READ NETWORKING CONCEPTS IN MORE DETAILS

#ARP protocol
ARP-ADDRESS RESOLUTION PROTOCOL
A very simple protocol that allows us to link IP addresses to MAC addresses.
0R translate IP addresses to MAC addresses.
HOW ARP WORKS!
  • It sends a broadcast message/ARP request in a whole network it is known as broadcast MAC address
  • When a packet is set to be sent to the broadcast MAC address all clients on the same network will receive this packet
  • Now all of these devices will ignore this packet except the one that has this IP address which is 10.0.26/Device-C
  • This way device A will have the MAC address of device C and now it will be able to communicate with device C and do whatever task that it wanted to do initially.
USING SCRAPY TO CREATE AN ARP REQUEST!
USING SCAPY WITH ARP TO DISCOVER ALL CLIENTS IN THE NETWORK
#CODE
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     scapy.arping(ip)

  7. scan("10.0.2.1/16")
 
WE DISCOVERED ALL CLIENTS BY USING scapy.arping(ip)


  • By using scapy.arping(ip)
  • we easily discover the clients
  • but this is SHORT-CUT!!
# SO WE ARE MAKING OUR OWN ALGORITHEMNSTEAD OF USING scapy.arping(ip)

# NETWORK SCANNER ALGORITHM

# GOAL - TO DISCOVER CLIENTS ON THE NETWORK

#1.Creat ARP request directed to broadcast MAC asking for IP
#2. Send a packet and receives a response
#3.Parse the response
#4.Print result

#1.Creat ARP request directed to broadcast MAC asking for IP

#1.1 _Use ARP to ask who has target IP
#1.2 _Set destination MAC to broadcast MAC

1.1 _Use ARP to ask who has target IP

#CODE
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP()
  6.     print(arp_request.summary())
  7.     scapy.ls(scapy.ARP()) #used to seclect the field
  8. scan("10.0.2.1/16")
scapy.ls(scapy.ARP()) #used to seclect the field

# WE REQUIRE :
  • pdst: IPField  = '0.0.0.0' ('0.0.0.0') / CUZ
  • ARP who has 0.0.0.0 says 10.0.2.15 /in terminator
#CODE
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     print(arp_request.summary())

  8. scan("10.0.2.1/16")
Our ARP is saying who has this IP("10.0.2.1/16")
which is the IP that we're passing and it
and saying to return the result to("10.0.2.15")
#1.2 _Set destination MAC to broadcast MAC

NOW creating an Internet frame that will be sent to the broadcast. MAC address

#CODE:
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     broadcast = scapy.Ether()
  7.     scapy.ls(scapy.Ether()) #used to seclect the field

  9. scan("10.0.2.1/16")
scapy.ls(scapy.Ether()) #used to seclect the field

# WE REQUIRE :
  • dst : DestMACField = 'ff:ff:ff:ff:ff:ff' (None)
    CUZ WE NEED DISTINATION-MAC TO BROADCAST MA
#CODE:
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  7.     print(broadcast.summary())

  9. scan("10.0.2.1/16")


#CODE:combining the both code!
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  7.     arp_request_broadcast = broadcast/arp_request
  8.     print(arp_request_broadcast.summary())

  10. scan("10.0.2.1/16")
#TERMINAL


root@kali:~/PycharmProjects/scrap# python scrapy.py 
Ether / ARP who has Net('10.0.2.1/16') says 10.0.2.15


#---.show() # use to just show in MORE details!


  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5. arp_request = scapy.ARP(pdst=ip)
  6. arp_request.show() # use to just show in details!
  7. broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  8. broadcast.show()
  9. arp_request_broadcast = broadcast/arp_request
  10. arp_request_broadcast.show()


  13. scan("10.0.2.1/16")
#TERMINAL
root@kali:~/PycharmProjects/scrap# python scrapy.py
###[ ARP ]###
  hwtype    = 0x1
  ptype     = IPv4
  hwlen     = 6
  plen      = 4
  op        = who-has
  hwsrc     = 08:00:27:7e:e2:d2
  psrc      = 10.0.2.15
  hwdst     = 00:00:00:00:00:00
  pdst      = Net('10.0.2.1/16')

###[ Ethernet ]###
  dst       = ff:ff:ff:ff:ff:ff
  src       = 08:00:27:7e:e2:d2
  type      = 0x9000

###[ Ethernet ]###
  dst       = ff:ff:ff:ff:ff:ff
  src       = 08:00:27:7e:e2:d2
  type      = ARP
###[ ARP ]###
     hwtype    = 0x1
     ptype     = IPv4
     hwlen     = 6
     plen      = 4
     op        = who-has
     hwsrc     = 08:00:27:7e:e2:d2
     psrc      = 10.0.2.15
     hwdst     = 00:00:00:00:00:00
     pdst      = Net('10.0.2.1/16')
#2.Send a packet and receives a response
#CODE:
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  7.     arp_request_broadcast = broadcast/arp_request
  8.     answered, unanswered = scapy.srp(arp_request_broadcast, timeout=1)
  9.     print(answered.summary())

  11. scan("10.0.2.1/16")
#HOW TO USE sr/srp FUNCTION IN SCAPY

READ IN MORE DETAILS
  • SO WE USE answered, unanswered AS VAIRIABLES
  • TIMEOUT is very important or the cammand will never exit
#CODE:print(answered.summary())
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  7.     arp_request_broadcast = broadcast/arp_request
  8.     answered, unanswered = scapy.srp(arp_request_broadcast, timeout=1)
  9.     print(answered.summary())

  11. scan("10.0.2.1/16")
WE GET MAC ADDRESS LIKE 52:54:00:12:35:00 /IP=10.0.2.1
#CODE:print(unanswered.summary())
#CLICK TO VIEW THE RESULT
UNANSWERD SAYS THAT: THIS IPS ARE NOT USED BY ANY CLINETS ON NETWORK/
THERE ARE CLINETS USING THEM
#3 Parse the response
#CODE:
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  7.     arp_request_broadcast = broadcast/arp_request
  8.     answered_list = scapy.srp(arp_request_broadcast, timeout=1)[0]

  10.     for element in answered_list:
  11.         print(element[1].show())
  12.         print("--------------------------------------------")

  14. scan("10.0.2.1/24")
    

  • line-8/- [0]  = used cuz we need just answered / answerd, unanswered /-[0], [1]
    • 

  • line-9/- for element in answered_list:= for/in is used to get the elements/its a LOOP
    • 

  • line-10/- print(element[1].show()) /EXPLANATION!
# See the 1st packet in the terminal
(<Ether  dst=ff:ff:ff:ff:ff:ff type=ARP |<ARP  pdst=10.0.2.1 |>>,
<Ether  dst=08:00:27:7e:e2:d2 src=52:54:00:12:35:00 type=ARP |
<ARP  hwtype=0x1 ptype=IPv4 hwlen=6 plen=4 op=is-at hwsrc=52:54:00:12:35:00 
psrc=10.0.2.1 hwdst=08:00:27:7e:e2:d2 pdst=10.0.2.15 |<Padding  
load='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |>>>)
# THE COMA SEPERATES [0] / [1]
[0] = (<Ether  dst=ff:ff:ff:ff:ff:ff type=ARP |<ARP  pdst=10.0.2.1 |>>
[1] = <Ether  dst=08:00:27:7e:e2:d2 src=52:54:00:12:35:00 type=ARP |
<ARP  hwtype=0x1 ptype=IPv4 hwlen=6 plen=4 op=is-at hwsrc=52:54:00:12:35:00 
psrc=10.0.2.1 hwdst=08:00:27:7e:e2:d2 pdst=10.0.2.15 |<Padding  
load='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |>>>)
# SO WE NEED [1] HENCE USED  /- print(element[1].show())
print(element.show())
print(element[1].show())
#CODE:
  1. #!/usr/bin/evn python

  3. import scapy.all as scapy
  4. def scan(ip):
  5.     arp_request = scapy.ARP(pdst=ip)
  6.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  7.     arp_request_broadcast = broadcast/arp_request
  8.     answered_list = scapy.srp(arp_request_broadcast, timeout=1)[0]
  9.     for element in answered_list:
  10.         print(element[1].psrc)
  11.         print(element[1].hwsrc)
  12.         print("--------------------------------------------")

  14. scan("10.0.2.1/24")
  • hwsrc = HARDWARE SORCE/ MAC addres of the clinet that send the packet back to us
  • psrc = sorce IP that the packet was sent from
#CODE:TERMINAL!
root@kali:~/PycharmProjects/scrap# python scrapy.py 
Begin emission:Received 529 packets, got 3 answers, remaining 253 packets
10.0.2.1 #IP
52:54:00:12:35:00 #MAC ADDRESS
--------------------------------------------
10.0.2.2
52:54:00:12:35:00
--------------------------------------------
10.0.2.3
08:00:27:2e:d3:9f
#4.Print result
#CODE:

# !/usr/bin/evn python

  1. import scapy.all as scapy
  2. def scan(ip):
  3.     arp_request = scapy.ARP(pdst=ip)
  4.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  5.     arp_request_broadcast = broadcast/arp_request
  6.     answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

  8.     print("IP\t\t\tMAC Address\n--------------------------------")
  9.     for element in answered_list:
  10.         print(element[1].psrc + "\t\t" + element[1].hwsrc)

  12. scan("10.0.2.1/24")
  • verbose=False = USED TO HIDE = Begin emission:
Received 529 packets, got 3 answers, remaining 253 packets"
  • \t = USED FOR PUT SPACE/TAB BETWEEN TWO THINGS
  • \n = GO GO DOWN IN LINE
  • REMEMBER THAT 8/9/10 IS A PART OF THE LOOP
root@kali:~/PycharmProjects/scrap# python scrapy.py 
IP       MAC Address
--------------------------------
10.0.2.1      52:54:00:12:35:00
10.0.2.2      52:54:00:12:35:00
10.0.2.3      08:00:27:2e:d3:9f

#MISSION ACOMPLISHED
   NOW Improving the Program Using a List of Dictionaries
#CODE:
  1. # !/usr/bin/evn python

  3. import scapy.all as scapy

  5. def scan(ip):
  6.     arp_request = scapy.ARP(pdst=ip)
  7.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  8.     arp_request_broadcast = broadcast/arp_request
  9.     answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

  11.     clients_list = []
  12.     for element in answered_list:
  13.         clients_dict = {"ip":element[1].psrc, "mac":element[1].hwsrc}
  14.         clients_list.append(clients_dict)
  15.     return clients_list

  17. def print_result(result_list):
  18.     print("IP\t\t\tMAC Addres\n-------------------------------")
  19.     for client in result_list:
  20.         print(client["ip"] + "\t\t" + client["mac"])

  22. scan_result = scan("10.0.2.1/24")
  23. print_result(scan_result)


#ASSIGMENT!
  1. #!/usr/bin/env python
  2. # Network scanner

  4. import scapy.all as scapy
  5. import optparse


  8. def get_arguments():
  9.     parser = optparse.OptionParser()
  10.     parser.add_option("-t", "--target", dest="target", help="Target IP / IP range.")
  11.     options, arguments = parser.parse_args()
  12.     return options


  15. def scan(ip):
  16.     arp_request = scapy.ARP(pdst=ip)
  17.     broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
  18.     arp_request_broadcast = broadcast / arp_request
  19.     answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]
  20.     clients_list = []
  21.     for element in answered_list:
  22.         client_dict = {"ip": element[1].psrc, "mac": element[1].hwsrc}
  23.         clients_list.append(client_dict)
  24.     return clients_list


  27. def print_result(results_list):
  28.     print("IP\t\t\tMAC Address\n-------------------------------")
  29.     for client in results_list:
  30.         print(client["ip"] + "\t\t" + client["mac"])


  33. options = get_arguments()
  34. scan_result = scan(options.target)
  35. print_result(scan_result)
#OPTPARSE VS ARGPARSE
Optparse is old and argparse is new/if python release its new stuffs it will update in argparse not optparse
opt parse work in python2/3 


 

4.94 / 169 rates

Post a Comment

If you have any doubts, please let me know

Previous Post Next Post