ARP Ping Using Scapy

here’s a quick script i whipped up a while ago.
it uses scapy to perform an ARP ping of a network, and provides a CSV report of any MAC addresses it finds, along with the associated IP’s.

It requires tcpdump to be installed and in the $PATH, as well as root privs to run.

#!/usr/bin/env python
# note that this script requires tcpdump to be installed
# additionally, it requires root privs to run.
# ----
# Portions of this code can be attributed to the book
# Python for Unix and Linux System Administration
# by Noah Gift and Jeremy M. Jones.
# Copyright 2008 Noah Gift and Jeremy M. Jones
# ISBN-13: 978-0-596-51582-9
# ----

import sys
if len(sys.argv) != 2:
    print "Usage: pingarp n  eg: pingarp 192.168.1.0/24"
    sys.exit(1)

from scapy import srp,Ether,ARP,conf
conf.verb=0
ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=sys.argv[1]),
              timeout=2)

print r"MAC,IP"
for snd,rcv in ans:
    print rcv.sprintf(r"%Ether.src%,%ARP.psrc%")

here’s sample output:

$ sudo ./pingarp 192.168.11.0/24
MAC,IP
00:16:01:8b:54:4a,192.168.11.1
00:13:ce:e9:6e:95,192.168.11.3
00:40:ca:8a:72:48,192.168.11.6

One thought on “ARP Ping Using Scapy”

  1. Added interval "inter=0.1" to srp() since scapy couldn't send fast enough and skipped packets (didn't scan whole range if range given)

    ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=sys.argv[1]),
    timeout=2,iface='eth0',inter=0.1)

Comments are closed.