Exploring Network Scanning with Python and Scapy

Network scanning is an essential technique for diagnosing network issues, monitoring devices, or even conducting ethical penetration testing. Python, combined with the versatile Scapy library, makes it easy to create custom tools for such tasks. In this blog post, we’ll dive into a Python script that scans devices in a subnet using ARP requests and ICMP packets.

The Purpose of the Code

This script is designed to:

  1. Generate all possible host IPs within a given subnet.
  2. Send ARP broadcast packets and ICMP echo requests to identify active devices.
  3. Report which devices are online or offline.

Let’s break the code into sections to understand how it works.

Setting Up the Environment

First, the script sets up its imports and a couple of configuration values.

[Screenshot: importing packages and setting variables]

Here’s what each part does:

  • Imports: The script uses Scapy’s inet and l2 layers for crafting and handling packets.
  • Timeout: Defines a timeout of 5 seconds for waiting on ICMP replies.
  • Verbose mode off: Disables Scapy’s verbose output for a cleaner terminal experience.

Generating IP Addresses in a Subnet

[Screenshot: the get_ips_in_subnet function]

This function utilizes Python’s ipaddress module to calculate all potential host IPs within a given subnet. For example:

  • Input: 192.168.1.0/24
  • Output: A list of all host IPs from 192.168.1.1 to 192.168.1.254.

The strict=False parameter tells ipaddress.ip_network() not to raise an error when the supplied address has host bits set (e.g., if you mistakenly enter 192.168.1.5/24 instead of the network address 192.168.1.0/24); the address is normalized to the network address instead.

Gathering Input


The user is prompted to enter a network address and subnet mask. These inputs are used to compute the list of IPs to scan.

Sending ICMP Echo Requests

This is the heart of the script:

  1. Packet Creation:
    • The Ether layer sets the destination MAC address to the broadcast address (ff:ff:ff:ff:ff:ff).
    • The IP layer targets each IP in the subnet.
    • The ICMP layer adds an echo request to check for a response.
  2. Sending Packets:
    • The srp1() function sends the frame at layer 2 and returns the first reply (or None if nothing arrives).
    • The timeout=TIMEOUT argument ensures that the script doesn’t hang indefinitely on hosts that never answer.
  3. Response Handling:
    • If a reply is received, the device is marked as online.
    • Otherwise, it’s considered offline.
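As an added example (not the post's own code, which appears only in the screenshots above), here is a runnable reconstruction of the script covering both the get_ips_in_subnet helper and the ICMP sweep; the function and variable names follow the post, and Scapy is imported inside scan_subnet so the address-list logic can be exercised without Scapy or raw-socket privileges:

```python
from __future__ import annotations

import ipaddress

# Seconds to wait for an ICMP echo reply before marking a host offline.
TIMEOUT = 5


def get_ips_in_subnet(network: str, prefix: int) -> list[str]:
    """Return every usable host address in the subnet as a string.

    strict=False makes ip_network() accept an address with host bits set
    (e.g. 192.168.1.5/24) and normalise it to the network address.
    """
    net = ipaddress.ip_network(f"{network}/{prefix}", strict=False)
    return [str(host) for host in net.hosts()]


def scan_subnet(network: str, prefix: int, timeout: int = TIMEOUT) -> dict[str, bool]:
    """Send one ICMP echo request per host and map each IP to True if it replied.

    Needs Scapy and raw-socket privileges, so Scapy is imported here rather
    than at module load; the IP-list logic above stays usable without it.
    """
    from scapy.all import ICMP, IP, Ether, conf, srp1

    conf.verb = 0  # verbose mode off: no per-packet chatter on the terminal
    results: dict[str, bool] = {}
    for ip in get_ips_in_subnet(network, prefix):
        # Broadcast Ethernet frame carrying an IP/ICMP echo request, as in the post.
        pkt = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(dst=ip) / ICMP()
        reply = srp1(pkt, timeout=timeout)  # first reply, or None on timeout
        results[ip] = reply is not None
    return results


def report(results: dict[str, bool]) -> tuple[list[str], list[str]]:
    """Split scan results into (online, offline) IP lists, preserving scan order."""
    online = [ip for ip, up in results.items() if up]
    offline = [ip for ip, up in results.items() if not up]
    return online, offline


if __name__ == "__main__":
    network = input("Network address (e.g. 192.168.1.0): ").strip()
    prefix = int(input("Subnet mask length (e.g. 24): ").strip())
    online, offline = report(scan_subnet(network, prefix))
    for ip in online:
        print(f"{ip} is online")
    for ip in offline:
        print(f"{ip} is offline")
```

Run it with raw-socket privileges on the network you are diagnosing; hosts that filter ICMP will show as offline even when they are up, so treat "offline" as "did not answer" rather than "absent".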

Running the Script

When you run the script, here’s what happens:

  1. Enter a network address and subnet mask, such as 192.168.1.0 and 24.
  2. The script calculates the range of host IPs and starts sending ICMP packets.
  3. The output lists each IP and its status:

[Screenshot: sample output of the running script]

Conclusion

This simple yet effective script showcases the power of Python and Scapy for network scanning. With just a few lines of code, you can identify devices in a subnet and gather essential network information. Whether you’re a network administrator or a cybersecurity enthusiast, mastering such tools is invaluable. Happy coding!