For a very long time I have been wondering how ettercap does such a quick scan that returns the IP-to-MAC address mappings of all the nodes on a network.
Anyway, the traditional way of doing this from the terminal on a Linux box is to first ping the broadcast address and then view the contents of the ARP cache.
Assuming I am connected to a wireless network with a broadcast address of 192.168.11.255, I do it like so:
ping -b 192.168.11.255
then press Ctrl-C after a while.
The next step is to read the contents of the ARP cache with the command below.
arp -a
Alternatively, type this at the terminal for more verbose output (it also shows the state of each entry):
ip neigh show
But this method is slow and unreliable: most hosts do not answer echo requests sent to the broadcast address (Linux ignores them by default, net.ipv4.icmp_echo_ignore_broadcasts=1, and Windows does too), so those hosts never show up in the cache. Pinging each address individually works much better, because before the kernel can send the echo request it has to ARP for the address, and a live host answers that ARP request even if it firewalls ICMP; the reply lands in the cache whether or not the ping itself ever comes back. Doing 254 pings one after another is tedious, so I wrote a threaded Python program to fire them off in parallel.
Let's assume for simplicity that we are on a /24, i.e. a subnet mask of 255.255.255.0, so the network can hold at most 254 hosts: 192.168.11.0 is the network address and 192.168.11.255 the broadcast address, and neither is assigned to a host.
This is the code that does the same thing much faster:
#!/usr/bin/env python3
# source file: threaded_scan.py
from threading import Thread
from os import system

class somethread(Thread):
    def __init__(self, ip):
        Thread.__init__(self)
        self.ip = ip   # host part of the address, an int from 1 to 254

    def run(self):
        # send a single echo request and wait at most 1 s for the reply;
        # the output is discarded, we only want the ARP entry it leaves behind
        system("ping -c 1 -W 1 192.168.11." + str(self.ip) + " > /dev/null 2>&1")

threads = []
for i in range(1, 255):   # 192.168.11.1 .. 192.168.11.254, every usable host
    thread = somethread(i)
    thread.start()
    threads.append(thread)
for th in threads:
    th.join()
Save this in a file and make it executable:
chmod +x threaded_scan.py
then run it:
./threaded_scan.py
and afterwards list the ARP cache entries that resolved:
ip neigh show | grep -i reach
Note that an entry only stays REACHABLE for a short time (about 30 seconds by default) before the kernel marks it STALE, so run that command straight after the scan, or filter on lladdr instead to keep every entry that has a MAC address regardless of state:
ip neigh show | grep lladdr
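As an added example (not the post's own script), here is a more complete version of the same technique: it ping-sweeps any subnet you give it using a thread pool, then reads the neighbour table with `ip -4 neigh show` and parses it into an IP-to-MAC map, keeping STALE and DELAY entries (the host answered ARP, it just did not answer our ping) and dropping FAILED and INCOMPLETE ones. It assumes a Linux box with iproute2 and ping on the PATH; the `SAMPLE_NEIGH` text is constructed to show the parser working offline, and the duplicate-MAC check at the end is an addition that flags one MAC answering for several IPs, which is what an ARP spoofer (ettercap included) looks like in this table.

```python
#!/usr/bin/env python3
# Added example, not the original post's script. Assumes Linux with
# iproute2 ("ip neigh") and ping available. The neighbour-table text
# below is constructed sample data, not captured from a real host.
import ipaddress
import subprocess
from concurrent.futures import ThreadPoolExecutor


def parse_ip_neigh(text):
    """Return {ip: mac} for every `ip neigh show` line that carries a
    resolved hardware address. A line looks like:
        192.168.11.7 dev wlan0 lladdr 3c:52:82:aa:bb:cc REACHABLE
    Flags such as "router" may sit between the MAC and the state, so the
    state is simply the last token. FAILED/INCOMPLETE entries have no
    lladdr at all and are skipped; STALE/DELAY entries are kept because
    the host did answer ARP recently."""
    hosts = {}
    for line in text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue
        ip = tokens[0]
        mac = tokens[tokens.index("lladdr") + 1].lower()
        state = tokens[-1]
        if state in ("FAILED", "INCOMPLETE"):
            continue
        hosts[ip] = mac
    return hosts


def macs_with_multiple_ips(hosts):
    """MACs that answer for more than one IP. Normal for a router with
    several addresses; otherwise worth a second look, since an ARP
    spoofer shows up exactly this way."""
    by_mac = {}
    for ip, mac in hosts.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def ping_once(ip):
    """One echo request, 1 s reply timeout, output discarded. The ARP
    request the kernel sends first is what populates the neighbour table,
    so the return value (True only if ICMP came back) is informational."""
    return subprocess.call(["ping", "-c", "1", "-W", "1", str(ip)],
                           stdout=subprocess.DEVNULL,
                           stderr=subprocess.DEVNULL) == 0


def sweep(network, workers=64):
    """Ping every usable host of `network` (e.g. '192.168.11.0/24') in
    parallel, then return {ip: mac} for the entries inside that network."""
    net = ipaddress.ip_network(network, strict=False)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(ping_once, net.hosts()))   # wait for all of them
    out = subprocess.run(["ip", "-4", "neigh", "show"],
                         capture_output=True, text=True, check=True).stdout
    return {ip: mac for ip, mac in parse_ip_neigh(out).items()
            if ipaddress.ip_address(ip) in net}


# Constructed sample output of `ip neigh show`, used to exercise the parser.
SAMPLE_NEIGH = """\
192.168.11.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.11.7 dev wlan0 lladdr 3C:52:82:AA:BB:CC STALE
192.168.11.9 dev wlan0  FAILED
192.168.11.23 dev wlan0 lladdr 00:11:22:33:44:55 DELAY
fe80::1 dev wlan0 lladdr de:ad:be:ef:00:01 router REACHABLE
192.168.11.200 dev wlan0 INCOMPLETE
"""

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.11.0/24"
    found = sweep(target)
    for ip in sorted(found, key=ipaddress.ip_address):
        print(f"{ip:<16} {found[ip]}")
    for mac, ips in macs_with_multiple_ips(found).items():
        print(f"note: {mac} answers for {', '.join(ips)}")
```

Run it as `./arp_sweep.py 192.168.11.0/24` (the file name is arbitrary); no root is needed since ping is setuid or carries cap_net_raw on most distributions and reading the neighbour table is unprivileged. On the sample text the parser returns four hosts and reports 00:11:22:33:44:55 as answering for both 192.168.11.1 and 192.168.11.23.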
