Disable Promiscuous Mode In ScaPy
Sun, 3. Dec 2017
TL;DR: How to prevent ScaPy from entering promiscuous mode if I don’t need it.
I want to keep track of the machines plugged into our network. For this purpose I was using arpwatch. Arpwatch works, but I didn’t like the emails it generated, simply because they were lacking information, like previous hostnames of a discovered ethernet address.
I was considering writing a small shell script which uses sed and awk on arp or /proc/net/arp in order to keep track of what is happening on the network, keeping the table up-to-date with arping. But then I decided to give Python a try.
As usual it was not hard to find a Python package that was able to do an arping: ScaPy. Lucky me: the second example in the documentation was an arping. After digging into the scapy code I found that the arping was already available as a method, so that one can easily make use of it:
# import scapy method
from scapy.layers.l2 import arping
# run the ping
answered,unanswered = arping("192.168.42.1/24")
# build tuples (hwaddress, ip) from the replies
hosts = [(host[1].hwsrc, host[1].psrc) for host in answered]
That was a walk in the park.
Unfortunately I found in my syslog:
Dec 3 10:06:37 yori kernel: [3352685.329676] device eth0 entered promiscuous mode
Dec 3 10:06:40 yori kernel: [3352687.660405] device eth0 left promiscuous mode
Obviously scapy was entering promiscuous mode (which is needed for sniffing network packets) by default. It took me some time to figure out how to disable it; it was easier than expected:
# import scapy config
from scapy.all import conf as scapyconf
# disable scapy promiscuous mode
scapyconf.sniff_promisc = 0
Yay. Now back to work.
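To confirm the setting took effect, the syslog can be scanned for the kernel messages shown above. The following is an added example, not code from the original post: it pairs "entered" and "left" events per interface and reports any interface left in promiscuous mode. The function name and all sample lines other than the two eth0 lines from the post are constructed for illustration.

```python
import re

# Matches the kernel messages quoted in the post, e.g.
# "... kernel: [3352685.329676] device eth0 entered promiscuous mode"
PROMISC_RE = re.compile(
    r"kernel: \[\s*(?P<ts>\d+\.\d+)\] device (?P<dev>\S+) "
    r"(?P<action>entered|left) promiscuous mode"
)


def promisc_intervals(lines):
    """Pair entered/left events per device.

    Returns (closed, still_open):
      closed     -- list of (device, entered_ts, left_ts, seconds)
      still_open -- {device: entered_ts} for interfaces that entered
                    promiscuous mode and have no matching "left" line
    Timestamps are the kernel's seconds-since-boot values in brackets.
    """
    closed, still_open = [], {}
    for line in lines:
        m = PROMISC_RE.search(line)
        if not m:
            continue  # unrelated log line
        ts, dev = float(m["ts"]), m["dev"]
        if m["action"] == "entered":
            # keep the earliest unmatched "entered" for this device
            still_open.setdefault(dev, ts)
        elif dev in still_open:
            start = still_open.pop(dev)
            closed.append((dev, start, ts, round(ts - start, 6)))
    return closed, still_open


# Sample input: the two eth0 lines are from the post, the rest is constructed.
SAMPLE = [
    "Dec 3 10:06:37 yori kernel: [3352685.329676] device eth0 entered promiscuous mode",
    "Dec 3 10:06:38 yori kernel: [3352686.100000] eth0: link is up",
    "Dec 3 10:06:40 yori kernel: [3352687.660405] device eth0 left promiscuous mode",
    "Dec 3 10:07:02 yori kernel: [3352710.000000] device eth1 entered promiscuous mode",
]

if __name__ == "__main__":
    closed, still_open = promisc_intervals(SAMPLE)
    for dev, start, end, secs in closed:
        print(f"{dev}: promiscuous for {secs:.3f}s ({start} -> {end})")
    for dev, start in still_open.items():
        print(f"{dev}: STILL promiscuous since {start}")
```

With sniff_promisc disabled before the arping call, a run over the log lines written during the scan should return no new intervals for the scanning interface.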