We can use Scapy to sniff the packets arriving at a network interface. After each packet is captured, it can be processed by a callback function to extract the useful information from it.
Listing 8.7 gives the code for scanning the broadcast of packets, as follows:
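```python
#!/usr/bin/env python
# Python Network Programming Cookbook, Second Edition -- Chapter - 8
# This program is optimized for Python 2.7.12 and Python 3.5.2.
# It may run on any other version with/without modifications.

from scapy.all import *
import os

# Maps each source IP address to the list of TCP source ports seen from it.
captured_data = dict()

# Only source ports up to this value are recorded.
END_PORT = 1000


def monitor_packet(pkt):
    if IP in pkt:
        # Record every IPv4 source address, even if no port is listed for it.
        if pkt[IP].src not in captured_data:
            captured_data[pkt[IP].src] = []

        # Checked only inside the IP branch, so pkt[IP] always exists here
        # (a TCP segment carried over IPv6 has no IP layer to index).
        if TCP in pkt:
            if pkt[TCP].sport <= END_PORT:
                if not str(pkt[TCP].sport) in captured_data[pkt[IP].src]:
                    captured_data[pkt[IP].src].append(str(pkt[TCP].sport))

    # Redraw the whole table after each packet.
    os.system('clear')
    ip_list = sorted(captured_data.keys())
    for key in ip_list:
        ports = ', '.join(captured_data[key])
        if len(captured_data[key]) == 0:
            print('%s' % key)
        else:
            print('%s (%s)' % (key, ports))


if __name__ == '__main__':
    # store=0 keeps Scapy from holding every captured packet in memory.
    sniff(prn=monitor_packet, store=0)
```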
If you run this script, it lists the source IP addresses and ports of the broadcast traffic. The following is a sample output in which the first octet of each IP address has been replaced:
```
# python 18_7_broadcast_scanning.py
127.0.0.1
127.0.1.1
13.81.252.207 (443)
162.125.17.5 (443)
162.125.18.133 (443)
162.125.65.3 (443)
172.217.17.69 (443)
173.194.69.189 (443)
192.168.137.1
192.168.137.95
216.58.212.174 (443)
34.253.167.3 (443)
40.115.1.44 (443)
40.77.226.194 (443)
52.208.1.170 (443)
52.215.50.173 (443)
54.86.79.27 (443)
68.232.34.200 (443)
```
The following screenshot shows the execution output:
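The checks that `monitor_packet` in Listing 8.7 relies on (`IP in pkt`, `pkt[TCP].sport`, the `END_PORT` cut-off) can be exercised offline on raw bytes. The following is an added example, not code from the book: it uses only the standard library instead of Scapy, goes slightly beyond the listing by handling IP options and fragments, and `parse_frame`, `summarize`, `build_frame` and the sample frames are hypothetical names and constructed data.

```python
import ipaddress
import struct

END_PORT = 1000  # same cut-off as Listing 8.7

def parse_frame(frame):
    """Return (src_ip, tcp_sport or None) for an IPv4 Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # truncated, or not IPv4 (ARP, IPv6, ...)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length grows when IP options are present
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    src = str(ipaddress.IPv4Address(ip[12:16]))
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[9] == 6 and frag_offset == 0 and len(ip) >= ihl + 2:
        return src, struct.unpack("!H", ip[ihl:ihl + 2])[0]  # first fragment only
    return src, None

def summarize(frames, end_port=END_PORT):
    """List (source IP, sorted low TCP source ports), in numeric IP order."""
    seen = {}
    for src, sport in filter(None, map(parse_frame, frames)):
        ports = seen.setdefault(src, set())  # host is listed even with no port
        if sport is not None and sport <= end_port:
            ports.add(sport)
    return [(ip, sorted(seen[ip])) for ip in sorted(seen, key=ipaddress.IPv4Address)]

def build_frame(src, proto=6, sport=0, ethertype=0x0800, options=b"", frag=0):
    """Build a constructed sample frame (hypothetical helper, not captured traffic)."""
    eth = b"\x00" * 12 + struct.pack("!H", ethertype)
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                        24 + len(options), 0, frag, 64, proto, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address("192.0.2.1").packed)
    return eth + iphdr + options + struct.pack("!HH", sport, 40000)

SAMPLE = [  # constructed input using documentation address ranges
    build_frame("198.51.100.20", sport=443),
    build_frame("198.51.100.20", sport=443),                     # duplicate
    build_frame("198.51.100.3", sport=80, options=b"\x01" * 4),  # IP options
    build_frame("198.51.100.3", sport=51000),                    # above END_PORT
    build_frame("203.0.113.9", proto=17, sport=53),              # UDP: host only
    build_frame("203.0.113.9", sport=22, frag=0x0010),           # later fragment
    build_frame("192.0.2.55", ethertype=0x86DD),                 # not IPv4: skipped
]

if __name__ == "__main__":
    for ip, ports in summarize(SAMPLE):
        print("%s (%s)" % (ip, ", ".join(map(str, ports))) if ports else ip)
```

Unlike the listing's string sort, hosts are ordered numerically here, so 198.51.100.3 is printed before 198.51.100.20.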