Trying to create a function that does the following:
- Uses the sniff() function to listen for traffic at the enp0s3 interface
- Handle traffic picked up by the sniff() function
- Store the source IP address and source MAC address.
- If an IP address has already been stored, but a different MAC address is seen then the script should also store this additional MAC address
- The user should see a list of hosts appear in the terminal while the script is running
(I have another separate sample script that generates ARP traffic for testing functionality)
Output I'm getting is below - can anyone confirm if it's correct? I'm new, and struggling with Scapy to validate my work:
^CEther / ARP who has 192.168.1.10 says 192.168.1.1
Ether / ARP is at 10:11:12:ab:ab:ab says 192.168.1.10
Ether / ARP who has 192.168.1.11 says 192.168.1.2
Ether / ARP is at 10:11:12:bc:bc:bc says 192.168.1.11
Ether / ARP who has 192.168.1.12 says 192.168.1.3
Ether / ARP is at 10:11:12:cd:cd:cd says 192.168.1.12
Ether / ARP who has 192.168.1.13 says 192.168.1.4
Ether / ARP is at 10:11:12:de:de:de says 192.168.1.13
Ether / ARP who has 192.168.1.14 says 192.168.1.5
Ether / ARP is at 10:11:12:ef:ef:ef says 192.168.1.14
Ether / ARP who has 192.168.1.15 says 192.168.1.6
Ether / ARP is at 10:11:12:f0:f0:f0 says 192.168.1.15
Ether / ARP is at de:ad:be:ef:de:ad says 192.168.1.10
My code is
from scapy.all import *

ethernetHeader = Ether()
ipHeader = IP()
icmpHeader = ICMP()
pkt = ethernetHeader/ipHeader/icmpHeader

## filtering out ARP traffic with an op code of 2 or "is-at"
def filter_packets(packets):
    def packet_handler(pkt):
        packets.append(pkt)
    return packet_handler

def main():
    packets = []
    sniff(iface="enp0s3", prn=filter_packets(packets))
    for p in packets:
        print(p.summary(ipHeader))

main()
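
An added example, not the poster's code and not part of the original post: one way to meet the requirements listed above, keeping every MAC address seen for each IP and printing hosts as they appear. The names `HostTable`, `observe`, `run`, `replay` and `SAMPLE` are hypothetical, and it assumes "source" means the sender fields (`psrc`, `hwsrc`) of ARP "is-at" replies.

```python
from collections import defaultdict

class HostTable:
    """Maps each source IP to every source MAC seen claiming it."""
    def __init__(self):
        self.hosts = defaultdict(set)

    def observe(self, ip, mac):
        """Record a sighting; return a line to print, or None if already known."""
        mac = mac.lower()
        known = self.hosts[ip]
        if mac in known:
            return None
        known.add(mac)
        if len(known) == 1:
            return f"new host  {ip} is at {mac}"
        # Same IP, different MAC: NIC change, duplicate IP, or ARP spoofing.
        return f"WARNING   {ip} also seen at {mac} (all: {', '.join(sorted(known))})"

def run(iface="enp0s3"):
    """Sniff ARP on iface until Ctrl-C, printing hosts as they appear (needs root)."""
    from scapy.all import ARP, sniff  # local import: HostTable works without Scapy
    table = HostTable()

    def handle(pkt):
        # op 2 is an "is-at" reply; psrc/hwsrc are the sender's IP and MAC.
        if ARP in pkt and pkt[ARP].op == 2:
            return table.observe(pkt[ARP].psrc, pkt[ARP].hwsrc)

    # sniff() prints whatever prn returns when it is not None, so output is live.
    # store=False keeps no packet list; the BPF filter drops non-ARP frames early.
    sniff(iface=iface, filter="arp", prn=handle, store=False)
    return table

# Constructed sample: (IP, MAC) pairs taken from the "is at" lines in the output above.
SAMPLE = [
    ("192.168.1.10", "10:11:12:ab:ab:ab"),
    ("192.168.1.11", "10:11:12:bc:bc:bc"),
    ("192.168.1.10", "10:11:12:ab:ab:ab"),  # repeat sighting, prints nothing
    ("192.168.1.10", "de:ad:be:ef:de:ad"),  # second MAC for the same IP
]

def replay(pairs):
    """Feed (ip, mac) pairs through a fresh table; return printed lines and the table."""
    table = HostTable()
    lines = [ln for ln in (table.observe(ip, mac) for ip, mac in pairs) if ln]
    return lines, table

if __name__ == "__main__":
    print("\n".join(replay(SAMPLE)[0]))  # offline demo; call run() for live capture
```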
