Python scapy ARP

Source: Internet
Author: User

Reference manual: https://fossies.org/dox/scapy-2.3.3/


When a host sends an Ethernet frame to another host on the same LAN, the destination interface is determined by the 48-bit Ethernet address.

The device driver never checks the destination IP address in the IP packet.

Address resolution provides a mapping between these two different address forms: the 32-bit IP address and whatever type of address the data link uses. (FR Environment)

ARP provides dynamic mapping between the IP address and the corresponding hardware address. The reason we use the word dynamic is that the process is done automatically, and the general application user or system administrator does not have to care.


The basic concept behind ARP is that a network interface has a hardware address (a 48-bit value that identifies an Ethernet or Token Ring network interface). Frames exchanged at the hardware level must carry the correct interface address. But TCP/IP has its own address: the 32-bit IP address. Knowing a host's IP address does not allow the kernel to send a frame to that host. The kernel (that is, the Ethernet driver) must know the hardware address of the destination to send the data. The function of ARP is to provide a dynamic mapping between 32-bit IP addresses and the hardware addresses used by different network technologies.

Point-to-point links do not use ARP. When these links are configured (typically during the boot process), the kernel must be told the IP address at each end of the link. Hardware addresses such as Ethernet addresses are not involved.

Only multiple access links require technology such as ARP.



The key to efficient ARP operation is the ARP cache kept on each host. This cache holds the most recent mappings from Internet addresses to hardware addresses. The lifetime of each entry in the cache is typically 20 minutes, starting from the time it was created.


ARP Request packet sample:

    #!/usr/bin/python3.4
    # -*- coding=utf-8 -*-
    import logging
    logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  # suppress Scapy runtime warnings
    from scapy.all import *

    # Configuration values used below
    localmac = '00:0c:29:8d:5c:b6'
    localip = '202.100.1.138'
    destip = '202.100.1.139'
    ifname = 'eno33554944'

    ######################
    # Source MAC is the local MAC
    # Destination MAC is broadcast
    # Opcode is 1 (request)
    # Because there are multiple network adapters, iface must be specified
    ######################
    result_raw = srp(Ether(src=localmac, dst='FF:FF:FF:FF:FF:FF') /
                     ARP(op=1, hwsrc=localmac, hwdst='00:00:00:00:00:00',
                         psrc=localip, pdst=destip),
                     iface=ifname, verbose=False)

    # sr() function is for sending packets and receiving answers. The function
    # returns a couple of packet and answers, and the unanswered packets. sr1() is a
    # variant that only return one packet that answered the packet (or
    # the packet set) sent. The packets must be layer 3 packets (IP, ARP, etc.).
    # srp() do the same for layer 2 packets (Ethernet, 802.3, etc.).
    # send() function will send packets at layer 3. That is to say it will handle
    # routing and layer 2 for you. sendp() function will work at layer 2.

    # print(result_raw)
    # (<Results: TCP:0 UDP:0 ICMP:0 Other:1>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)
    # A tuple: [0] holds the answered packets, [1] holds the unanswered packets
    # print(type(result_raw[0]))
    # <class 'scapy.plist.SndRcvList'>
    # https://fossies.org/dox/scapy-2.3.1/classscapy_1_1plist_1_1sndrcvlist.html
    result_list = result_raw[0].res  # res: the list of (sent, received) packet pairs
    # print(result_list)
    # [(<Ether dst=ff:ff:ff:ff:ff:ff src=00:0c:29:8d:5c:b6 type=ARP |<ARP op=who-has hwsrc=00:0c:29:8d:5c:b6 psrc=202.100.1.138 hwdst=00:00:00:00:00:00 pdst=202.100.1.139 |>>,
    #   <Ether dst=00:0c:29:8d:5c:b6 src=00:0c:29:43:52:cf type=ARP |<ARP hwtype=0x1 ptype=IPv4 hwlen=6 plen=4 op=is-at hwsrc=00:0c:29:43:52:cf psrc=202.100.1.139 hwdst=00:0c:29:8d:5c:b6 pdst=202.100.1.138 |<Padding load='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |>>>)]
    # A list; each item is a tuple containing an ARP request and its response

    # result_list[0][1][0]: [0] is the first (sent, received) pair, [1] is the
    # received packet ([0] would be the sent one), [0] is the Ethernet header
    # print(result_list[0][1][0].fields)  # Ethernet header fields
    # {'dst': '00:0c:29:8d:5c:b6', 'type': 2054, 'src': '00:0c:29:43:52:cf'}

    # result_list[0][1][1]: same pair and received packet, [1] is the ARP header
    # print(result_list[0][1][1].fields)  # ARP header fields
    # {'pdst': '202.100.1.138', 'hwtype': 1, 'hwdst': '00:0c:29:8d:5c:b6', 'plen': 4, 'ptype': 2048, 'hwsrc': '00:0c:29:43:52:cf', 'op': 2, 'hwlen': 6, 'psrc': '202.100.1.139'}

    if result_list:  # empty when no host answered the request
        print('IP address: ' + result_list[0][1][1].fields['psrc'] +
              ' MAC address: ' + result_list[0][1][1].fields['hwsrc'])
    else:
        print('No ARP reply received for ' + destip)

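The request and reply from the listing above at the byte level, as an added example that is not part of the original post: it packs the broadcast who-has frame with `struct` (no Scapy needed) and parses an is-at reply back into the field names Scapy prints. `SAMPLE_REPLY` is constructed from the reply fields shown in the article, and the function names are this example's own.

```python
import socket
import struct

ETH = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP = struct.Struct("!HHBBH6s4s6s4s")    # hwtype ptype hwlen plen op hwsrc psrc hwdst pdst
TYPE_ARP, TYPE_IPV4 = 0x0806, 0x0800     # 2054 and 2048 in the .fields output

def mac2b(mac):
    return bytes.fromhex(mac.replace(":", ""))

def b2mac(raw):
    return ":".join("%02x" % b for b in raw)

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip, eth_dst):
    """Pack one Ethernet/IPv4 ARP frame (42 bytes, no padding)."""
    return (ETH.pack(mac2b(eth_dst), mac2b(src_mac), TYPE_ARP) +
            ARP.pack(1, TYPE_IPV4, 6, 4, op, mac2b(src_mac),
                     socket.inet_aton(src_ip), mac2b(dst_mac),
                     socket.inet_aton(dst_ip)))

def build_arp_request(src_mac, src_ip, dst_ip):
    """who-has: op=1, broadcast destination, target MAC all zeros."""
    return build_arp(1, src_mac, src_ip, "00:00:00:00:00:00", dst_ip,
                     "ff:ff:ff:ff:ff:ff")

def parse_arp_frame(frame):
    """Return Ethernet + ARP fields as a dict; raise ValueError if malformed."""
    if len(frame) < ETH.size + ARP.size:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, etype = ETH.unpack_from(frame, 0)
    if etype != TYPE_ARP:
        raise ValueError("EtherType is not ARP")
    hwtype, ptype, hwlen, plen, op, hwsrc, psrc, hwdst, pdst = \
        ARP.unpack_from(frame, ETH.size)
    if (hwtype, ptype, hwlen, plen) != (1, TYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"dst": b2mac(dst), "src": b2mac(src), "type": etype, "op": op,
            "hwsrc": b2mac(hwsrc), "psrc": socket.inet_ntoa(psrc),
            "hwdst": b2mac(hwdst), "pdst": socket.inet_ntoa(pdst),
            # anything past byte 42 pads the frame to the 60-byte minimum
            "padding": len(frame) - ETH.size - ARP.size}

# Constructed sample: the article's is-at reply plus 18 zero padding bytes
SAMPLE_REPLY = build_arp(2, "00:0c:29:43:52:cf", "202.100.1.139",
                         "00:0c:29:8d:5c:b6", "202.100.1.138",
                         "00:0c:29:8d:5c:b6") + b"\x00" * 18

if __name__ == "__main__":
    req = build_arp_request("00:0c:29:8d:5c:b6", "202.100.1.138", "202.100.1.139")
    for f in (req, SAMPLE_REPLY):
        print(len(f), parse_arp_frame(f))
```

The 18 padding bytes in the reply match the `Padding` layer in the article's Scapy output: the 14-byte Ethernet header plus the 28-byte ARP packet is 42 bytes, short of the 60-byte minimum frame (excluding the frame check sequence).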



This article is from the "Gorilla City" blog, please be sure to keep this source http://juispan.blog.51cto.com/943137/1980254
