AnonyViet - English Version

[PyHack] Lesson 3: Network Scanner – Scan network information

by AnonyViet
February 2, 2023
in Tips

Information gathering is one of the most important steps in pentesting or attacking a target, and the network scanner is the tool for exactly this step. You cannot access a system if you do not have enough information about it. An example for easy understanding: let’s say you are connected to a network and one of the devices connected to this network is your target. You need to know all the machines connected to the network, get their MAC addresses, and then gather information to be able to access your target.

In this article, I will show you how to build a network scanner (from now on I will just use the term network scanner) using Python.

Prepare Lab

The lab includes 2 virtual machines:

Note: Both virtual machines use the NAT connection type. The NAT subnet prefix is 192.168.75. The Kali machine will scan the Windows XP machine to test the network_scanner software.

What is Scapy?

Scapy is a Python program that lets you create, forge or decode packets on the network, or capture packets and parse them, and so on. It also lets you inject packets into the network. Scapy supports a large number of network protocols and can process and manipulate wireless communication packets.

Scapy can be used to replace network tools, such as nmap, hping, arpscan, tshark and wireshark.

Scapy works by sending and receiving packets, and it can also sniff other packets. Packets to send are easy to build with the built-in options, and captured packets can be analyzed. Capturing packets helps us understand what is going on in the (home) network.

What is ARP?

Currently, there are many ways to discover other machines on the same network. The simplest is to emulate what a normal device would do to discover another device on the same network.

For example, let’s say I have a lab set up like the one below.

We have devices A, B, C and D, all connected to the router. Each device has its own IP and MAC. Now suppose device A needs to communicate with device C. Machine A knows the IP of machine C, but for devices to communicate within the same network, machine A needs to know machine C’s MAC address, because the machines use MAC addresses rather than IP addresses to communicate.

For two machines to communicate with each other, they use a protocol called ARP, which stands for Address Resolution Protocol. It is a very simple protocol that lets us associate IP addresses with MAC addresses.

To learn the MAC address of machine C, machine A uses the ARP protocol. Basically, host A sends a packet containing its own MAC address and the target’s IP address (machine C) to all machines on the network.

None of the machines respond to this packet except the machine with IP 10.0.2.6, which is machine C.

Device C responds to the packet with: “I am the machine with IP 10.0.2.6 and my MAC is 00:11:22:33:44:66.” Done, it’s as simple as that.

Check how many devices are connected to the router

Because the NAT subnet is 192.168.75.0, I will check how many devices are connected to the router in this network; here NAT is acting as the router.

Why do I have to add “/24” to the IP address? Because “/24” means that 24 bits are used for the Network ID part and the remaining 8 bits for the Host ID. To put it simply, the program will scan the ip range from 192.168.75.0 to 192.168.75.255, which is the NAT subnet. Readers can refer to this lesson to understand more.

Using ARP in Python

As explained above in “What is ARP?”, we will use the ARP protocol to send a packet containing the target’s IP address; the target will then respond to this packet and send its MAC back to us.

Why does ARP ask who has the IP 0.0.0.0? Probably no machine has the IP 0.0.0.0, so why does it show that? And how do we make ARP ask about another IP? First, we have to know why ARP asks for IP 0.0.0.0, so we use the function ls(). This function displays the default fields in ARP.

Did you notice the pdst field? Because it is None, it becomes 0.0.0.0. So how do we change it? It’s very simple: pass pdst as a parameter to the function scapy.ARP() and assign the ip to it as the argument. And remember to remove /24, because now we no longer need to search the ip range from 0 to 255.

We have successfully created an ARP request packet. To see more information about the packet, we use the function show(). If you notice, the MAC in the packet just created is also the MAC of the machine.

Please note this to avoid confusion: the reason it has the same MAC as Kali is that the target ip of this packet (the ip this packet will be sent to) is 192.168.75.128, which is also Kali’s ip. In other words, Kali is sending the packet to itself and getting back its own MAC.

Note: hwdst and pdst are the MAC and IP of the machine sending packets (Kali), and hwsrc and psrc are the MAC and IP of the machine receiving (response) packets that we send.

So how do we change the ip to get another machine’s MAC? We must first find out what the dst field of the broadcast is, then set the target MAC to broadcast.

Why change the target MAC to broadcast? As mentioned above, we need to send this ARP packet to all machines in the network. To do that, we change the target MAC to broadcast so that the packet is sent to all devices on the network.

What we need to do next is create a new packet that combines the two packets we created (ARP and Broadcast). To do this, we just put a “/” between them, because Scapy supports that.

Why do we have to combine the two? An ARP packet is only sent to a given destination ip, which returns its MAC to us, so it cannot reach the entire network. Broadcast solves this problem for us, so we combine the two.

You use the show() function to view information about the packet created.
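The fields discussed in this section (hwsrc, psrc, hwdst, pdst, the broadcast dst, and the /24 range) laid out as the bytes that go on the wire. This is an added example, not the article’s Scapy code: it uses only the Python standard library and builds the frame without sending anything, and the source MAC and the .129 target address are constructed values.

```python
import ipaddress
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"   # Ethernet dst that reaches every host on the segment


def mac_to_bytes(mac):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def build_arp_request(src_mac, src_ip, target_ip):
    """Raw Ethernet frame asking 'who has target_ip? tell src_ip'."""
    # Ethernet header: dst MAC, src MAC, EtherType 0x0806 (ARP)
    ether = mac_to_bytes(BROADCAST) + mac_to_bytes(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack(
        "!HHBBH6s4s6s4s",
        1,                                        # hwtype: Ethernet
        0x0800,                                   # ptype: IPv4
        6, 4,                                     # hwlen, plen
        1,                                        # op 1 = who-has
        mac_to_bytes(src_mac),                    # hwsrc
        ipaddress.IPv4Address(src_ip).packed,     # psrc
        bytes(6),                                 # hwdst: not known yet
        ipaddress.IPv4Address(target_ip).packed,  # pdst: the IP being asked about
    )
    return ether + arp


def expand_targets(cidr):
    """Every address covered by the CIDR, e.g. /24 -> 256 addresses."""
    return [str(ip) for ip in ipaddress.ip_network(cidr, strict=False)]


if __name__ == "__main__":
    # Constructed sample values: the MAC and the .129 target are hypothetical.
    frame = build_arp_request("00:0c:29:aa:bb:cc", "192.168.75.128", "192.168.75.129")
    print(len(frame), frame.hex())
    ips = expand_targets("192.168.75.0/24")
    print(ips[0], ips[-1], len(ips))
```

The frame is 42 bytes: a 14-byte Ethernet header followed by the 28-byte ARP payload, which is the same Ether/ARP stacking that the “/” operator expresses in Scapy.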

Send and Receive Packets

After we have configured the packet, it’s time to send it out and receive the packets that include the MACs of the machines in the network. To do that we use the function srp(). This function returns 2 lists: the list of answered packets and the list of unanswered packets.

So we have obtained the IP and MAC of the devices in the network. But those are the packets that got a response; what about the ones that did not? Try it: you just need to change the print call to print(unanswers.summary()). The result is too long, so I did not take a picture of it, but in short, it is the unresponsive ips from 192.168.75 to 192.168.75.255.

The printed results are hard to read, so I will show you how to design the output like the image below.

Design the theme

As I said above, the function returns 2 lists, answered (response) and unanswered (no response). We only need the responses, so we only use the answered list. Now, let’s go through the list and print the values to see how it is stored.

Why did I add “[0]” to the function scapy.srp? Because this function returns 2 lists; when you assign the result of the function to a variable, it cannot tell whether you want the answered list or the unanswered list, so I have to add “[0]”.

Too much superfluous information. Now I will deal with it piece by piece. First is this part, which I want to hide.

You just need to add the parameter verbose=False to the function scapy.srp.

Next we will take only what is necessary. Print element 1 of each element, and remember to include the function show().

It will print several results like this, depending on the number of packets that responded.

Now, you get the IP and MAC of each machine that responded to your packets.

Next, you design the frame for the IP and MAC columns.

Now we will improve it a bit. What if you need to use this list later on? You might have to run everything again from the beginning, so we put each result in a dict (dictionary) for easy management and save the dicts in a list. We also create one more function, print_result(), to print the results.
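The result handling described above (take the IP and MAC from each reply, keep them as dicts in a list, print a table), shown at the byte level as an added example that is not the article’s own code. It uses only the standard library, parses constructed sample frames instead of live traffic, and reuses machine C’s address from the ARP section; the function names, the second MAC and the 10.0.2.4 and 10.0.2.7 addresses are made up.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # hwtype, ptype, hwlen, plen, op, hwsrc, psrc, hwdst, pdst

def parse_arp_reply(frame):
    """Return {'ip': ..., 'mac': ...} for an ARP is-at reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None                                   # truncated or not ARP
    hwtype, ptype, hwlen, plen, op, hwsrc, psrc, _, _ = struct.unpack(ARP_FMT, frame[14:42])
    if (hwtype, ptype, hwlen, plen, op) != (1, 0x0800, 6, 4, 2):
        return None                                   # not an Ethernet/IPv4 reply
    return {"ip": ".".join(str(b) for b in psrc),
            "mac": ":".join(f"{b:02x}" for b in hwsrc)}

def collect_clients(frames):
    """One dict per responding host, stored in a list, duplicates dropped."""
    clients = []
    for frame in frames:
        entry = parse_arp_reply(frame)
        if entry is not None and entry not in clients:
            clients.append(entry)
    return clients

def format_result(clients):
    """Render the client list as a two-column table."""
    rows = ["IP\t\t\tMAC Address", "-" * 41]
    rows += [f"{c['ip']}\t\t{c['mac']}" for c in clients]
    return "\n".join(rows)

def sample_frame(mac_hex, ip, op=2):
    """Constructed test frame; the 00:0c:29... receiver and 10.0.2.4 are made up."""
    me, src = bytes.fromhex("000c29aabbcc"), bytes.fromhex(mac_hex)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, src, bytes(ip), me, bytes([10, 0, 2, 4]))
    return me + src + b"\x08\x06" + arp

SAMPLE_FRAMES = [
    sample_frame("001122334466", [10, 0, 2, 6]),        # machine C's reply
    sample_frame("001122334466", [10, 0, 2, 6]),        # duplicate reply
    sample_frame("001122334477", [10, 0, 2, 7], op=1),  # a request, not a reply
    b"\x00" * 10,                                       # truncated frame
]

if __name__ == "__main__":
    print(format_result(collect_clients(SAMPLE_FRAMES)))
```

Only the first frame produces an entry: the duplicate, the request and the truncated frame are all dropped before the table is built.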

So the design part is done. Next, we apply the knowledge in the previous post to add optparse into the software.

More optparse

In the 2 previous posts, we already learned how to add optparse to the software. Now is the time to use it. I will not explain it again.

network scanner


That’s it, lesson 3 is over. If you have any problems, message the Anonyviet fanpage, or join the Anonyviet group to learn and discuss more.
