ARP packets with scapy are unanswered
Question
I'm building a network scanner with Python using Scapy. I've been trying to send ARP packets but for some reason they don't get responded to.
#!/usr/bin/env python3
from scapy.all import *
def scan(ip):
arp_request = ARP(pdst=ip)
broadcast = Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = arp_request/broadcast
answered_list = srp(arp_request_broadcast, timeout=2)[0]
for element in answered_list:
print(element[1].show())
scan("192.168.1.0/24")
Running it results in the following:
[void@Void Network Scanner]$ sudo python3 tutorial_netscanner.py
[sudo] password for void:
Begin emission:
Finished sending 256 packets.
............................................................
Received 60 packets, got 0 answers, remaining 256 packets
The strange part is that if I run this from the scapy interactive shell it works and the arp packets do get answered.
arping("192.168.1.0/24")
Super confused as to why this isn't working, the code seems perfectly fine to me, if anyone could help me out that would be great. Thank you.
1 answers
solution1
0 ACCPTED 2021-01-07 19:00:21
arp_request/broadcast is incorrect. The outer-most protocols go on the left. If you use Wireshark to see what's going on (the first thing you should do when something like this happens), you can see that it's not what you'd expect it to be:
It's essentially a malformed packet. You need broadcast / arp_request ; although specifying the Ether layer is optional. You can use simply ARP (and sr ).
Use Wireshark. It's an invaluable tool. You should only run it on networks that you have control over/permission to snoop, but it really is indispensable.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.