
How to find out how many clients are on a certain address range?

Developer https://www.devze.com 2023-01-25 18:44 Source: Internet

I tried googling for this but I didn't find anything... I am building a port scanner and I would like to make it so that I can scan a network range, e.g. 192.168.2.*, and find out how many computers on that range are online. A lot like Nmap. I am programming in Python. Is this possible in Python?


Use python-nmap. Basic usage:

import nmap
nm = nmap.PortScanner()
nm.scan(hosts='192.168.2.0/24', arguments='-n -sP -PE -PA21,23,80,3389')
hosts_list = [(x, nm[x]['status']['state']) for x in nm.all_hosts()]
for host, status in hosts_list:
    print('{0}:{1}'.format(host, status))

For further reference see http://pypi.python.org/pypi/python-nmap


Here is a draft example that you can start with:

import socket

addr_range = "192.168.1.%d"

ip_address_up = []

# Use UDP. 
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

s.settimeout(2.0)

for i in range(1, 254):
    try:
        ip = addr_range % i
        # Reverse DNS (PTR) lookup; raises socket.herror when no name is found
        socket.gethostbyaddr(ip)
        ip_address_up.append(ip)
    except socket.herror as ex:
        pass

print(ip_address_up)

or something like this using ICMP (ping) rather than UDP:

import socket
import ping

ip_address_up = []

addr_range = "192.168.1.%d"

for i in range(1, 254):
   try:
       ip = addr_range % i
       # do_one() returns the delay in seconds, or None on timeout
       delay = ping.do_one(ip, timeout=2)
       if delay is not None:
           ip_address_up.append(ip)
   except (socket.herror, socket.timeout) as ex:
       pass

print(ip_address_up)
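
As an added example (not part of the original answers), the sweep below generalizes the loop above: it accepts the `192.168.2.*` form from the question or CIDR notation, probes the hosts concurrently with an unprivileged TCP connect, and counts a refused connection as a live host. The names `expand_range`, `tcp_alive` and `sweep`, the default port 80 and the worker count are assumptions chosen for illustration.

```python
import errno
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def expand_range(spec):
    """Turn '192.168.2.*' or '192.168.2.0/24' into a list of host addresses."""
    if spec.endswith(".*"):
        spec = spec[:-2] + ".0/24"  # a wildcard last octet is a /24
    net = ipaddress.ip_network(spec, strict=False)
    # hosts() skips the network and broadcast addresses; the fallback
    # covers a single-address /32 on Python versions where hosts() is empty.
    return [str(h) for h in net.hosts()] or [str(net.network_address)]


def tcp_alive(ip, port=80, timeout=1.0):
    """True if the host completed or actively refused the TCP handshake."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            err = s.connect_ex((ip, port))
    except OSError:
        return False
    # 0: port open. ECONNREFUSED: port closed, but a host sent the reset.
    # Anything else (timeout, host unreachable) is treated as no answer.
    return err in (0, errno.ECONNREFUSED)


def sweep(spec, port=80, timeout=1.0, workers=64):
    """Return the addresses in spec that answered, in address order."""
    hosts = expand_range(spec)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda ip: tcp_alive(ip, port, timeout), hosts)
        return [ip for ip, up in zip(hosts, results) if up]


if __name__ == "__main__":
    # Range taken from the question; port 80 is an assumed probe port.
    live = sweep("192.168.2.*")
    print(len(live), "hosts answered:", live)
```

A host whose firewall silently drops the probe is not counted, so the result is a lower bound on the number of hosts that are online.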


Using raw sockets you can implement something nmap-like. You will probably find that the most informative probes need to be made using specially crafted packets that do "odd" things, compared to normal programming interfaces. It's well worth reading up on the IP/UDP/TCP RFCs.

Using raw sockets you can generate byte by byte any probing packet of your choosing, with options/configurations set that are normally impossible/hard to do under normal circumstances, but which "trick" a host into revealing a wealth of information.


For IPv4 on local net you can resort to ARP using say Scapy, see related question.
