scapy Articles - jcutrer.com

Scapy DHCP listener in Python

By JC | December 24, 2018 | Comments 0 Comment

This script listens for DHCP Request and Discover packets on the LAN using scapy.

A little background on the DHCP protocol

Hosts issue a DHCP Discover packet to destination 255.255.255.255 to request an IP Address assignment from a DHCP server. DHCP Discover, Request, Offer, Ack and Inform packets are sent as broadcasts, all hosts on the LAN receive these packets. Because of the nature of the protocol, no special port mirroring or tapping is required on the host that runs this script.

This script is the foundation for creating a passive network discovery tool. We can collect and store the Mac Address, Hostname, and IP Address all hosts configured for DHCP IP address assignment.

Scapy ARP listener in Python

By JC | December 23, 2018 | Comments 0 Comment

This script listens for ARP request packets using scapy to learn the IP and Mac Address of LAN hosts.

A little background on the ARP protocol

ARP is the protocol that hosts use to discover the mac address of another LAN host. The initiating host asks “Who Has <IP Address>”, this request is transmitted as a broadcast ethernet packet to destination 00:00:00:00:00:00. Since the ARP request is sent as a broadcast, all hosts on the LAN receive and process this packet. Because of the nature of the protocol, no special port mirroring or tapping is required on the host that runs this script.

The host that has <IP Address> will reply back directly to the requester so we will not see that ARP reply packet unless our machine sent the initial ARP request.

This script is the foundation for creating a passive network discovery tool. We can collect and store the MAC Address, IP Address pairs for all hosts we hear communicating on the network.