Ticket #8 (closed enhancement: fixed)

Opened 4 years ago

Last modified 2 years ago

Add a promiscuous hosts scanner, promiscping similar to arping

Reported by: antoine.brodin@… Owned by: pbi
Priority: minor Milestone: scapy 2.2
Component: Scapy Version: 1.0.4
Keywords: Cc:

Description

This adds a promiscping function that determines which hosts are in promiscuous mode. The trick is described in  http://www.securityfriday.com/promiscuous_detection_01.pdf 

def promiscping(net, timeout=2, **kargs):
    """Send ARP who-has requests to determine which hosts are in promiscuous mode
promiscping(net, iface=conf.iface)"""
    ans,unans = srp(Ether(dst="ff:ff:ff:ff:ff:fe")/ARP(pdst=net),
                    filter="arp and arp[7] = 2", timeout=timeout, iface_hint=net, **kargs)
    ans = ARPingResult(ans.res, name="PROMISCPing")

    ans.display()
    return ans,unans

This seems to detect the following OS when the NIC is in promiscuous mode: windows XP SP2, linux 2.6.8.2 (sarge) and freebsd 7.0-current.

I haven't tested other OS.

There is already a is_promisc function but it is not really useful when scanning a class C network (it says True if one host is in promiscuous mode but doesn't tell which one)

Attachments

Change History

Changed 4 years ago by pbi

  • status changed from new to closed
  • resolution set to fixed

patched.

Changed 3 years ago by anonymous

  • component changed from core to technics

Add/Change #8 (Add a promiscuous hosts scanner, promiscping similar to arping)

Author


E-mail address and user name can be saved in the Preferences.


Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
 
Note: See TracTickets for help on using tickets.