Friday, 22 May 2020

Ping Scanner Part 2: Multi-Processing


by Vaggelis Atlasis

In my previous Blogspot, I constructed a "ping sweep" scanner in Python, using the Scapy library. One of the limitations of the program was the amount of time it took the program to go through all the addresses in the subnet. This problem was addressed by using a multiprocessing library. 

The previous version of the code


Multiprocessing

To enable multiprocessing, I imported Pool from the library multiprocessing. Pool replaced the for loop that was previously used to go through the addresses in a subnet one by one. Instead, Pool contains a parameter where the number of parallel tasks which can be executed is defined. The .map function of Pool iterates through the list of the addresses, allocating each address to a separate task (in this case, the number of parallel tasks is 10). 

The code used to implement Pool in the program. 10 is the number of processes running simultaneously


As you may have noticed in the picture, one of the parameters (send_ping) was not on the previous program. send_ping is simply the code that creates the ping placed into a function; allowing us to input all of the code as a parameter.

The code for the function send_ping. Note that the parameter address is taken using the .map function which individually iterates through targets, separately picking out each network address. 

Parsing Arguments from the Command Line

In the case that the user wants to change the number of processes running simultaneously doing directly from the program can be quite tedious. Therefore, I imported ArugmentParser from the library argparse. Next, the variable values will receive arguments from the command line. In this example, this happens when the user uses -p or --processes along with an integer of the user's choice. Conveniently, validation is automated by the library so there is no need for me to validate the type of input. 

The code for parsing argument from the command line. If there is no input from the user, the default number of processes is 10 (Please click on the picture to magnify it). 




Finally, we set values.processes as the parameter of Pool. We use the variable values and the argument processes to refer to the value of this argument. Consequently, the number next to the argument corresponds to the number of processes running simultaneously. 

Updated code for the Pool function

Further Changes

For usability reasons, a while loop was inserted in the code to allow the user to input a valid IPv4 subnet/address as many times as it took for the input to be valid. Previously, the program would just exit if the input was invalid. The added loop makes the program more user friendly.

The program code so far (You can find the while loop in lines 21 - 27)

Next Steps

In the coming days/weeks I will develop the code for finding the hostnames for the IP addresses that I received a reply from in a specific subnet.


Monday, 4 May 2020

Making a Ping Scanner Using Scapy

by Evangelos Atlasis


In this post I will show how easy it is to make a “ping-sweep” IPv4 scanner using Python and the powerful Scapy. Ping-sweep is an IP scanner than sends an ICMP Echo Request (aka “ping”) to a range of IP addresses and checks for responses to identify hosts that are present and respond to these pings. Effectively, this is the same as sending a ping from the command line.

The Code

The Python code for the program

















First, we need to import Scapy, as well as the Python library ipaddress. The last one is used to automatically break down an IPv4 subnet (a set of IP addresses) to a list of IP addresses that comprise this subnet.

The user receives a prompt to input the IPv4 subnet he wants to scan (via the input command). Then, the try... except on lines 7 - 12 is used to ensure the input of a valid IPv4 subnet by the user while avoiding the program crashing. The try attempts to convert the input into a list of IPv4 addresses. If the process is successful the program continues. Otherwise, an exception is raised and a small explanatory message is displayed before the program exits.

The for loop in line 15 iterates the list of IPv4 addresses one by one. Firstly, the packet which will be sent as a ping is constructed with an IP and ICMP header type 8 (Echo). Inside the IP header, the destination of the packet is changed to the one of the current address. We do not need to put a layer-2 (MAC) header since this will be taken care of automatically from Scapy.

Function sr1() sends one packet and waits to receive for one response. The program waits for two seconds (to save some time) to receive a response for each address where the packet has been sent before moving on. Moreover, the verbosity has been set to 0 so that no excessive and unnecessary information will be displayed. The variable response in line 17 will store the response received from sr1(). If there is a response, the program checks for two types of ICMP headers: type 0 (Echo Reply) and type 3 (Destination Unreachable - More info about the ICMP codes here). In the former case, the message "Host is reachable" is displayed and in the latter "Destination is unreachable" is displayed instead. If no response is received, no message is displayed; meaning that either a host with the specific IP address is not up, or that the ICMP Echo Request is blocked and no answer (either positive or negative) is provided to the sender.

Capturing Traffic with Wireshark

The Wireshark screenshot below shows an outcome of the ping-sweep script in our home network.

Screenshot from Wireshark displaying the ping-sweep in our home net1`2wwwork


Next Steps

In the future, I will construct a while loop to allow the user to enter an input until it is a valid IPv4 network/address, instead of exiting the program. In addition, I will try to use multithreading or multiprocessing to make the running process shorter in length and hence less tedious. 

Sunday, 3 May 2020

Using a Robot to Estimate the Azimuth Angle of the Sun

by Vaggelis and Filippos Atlasis



Using a self-constructed Ev3 Mindstorm robot, we managed to measure the Azimuth angle of the Sun at different times during the day. By clicking on this link (you can also find it below as an embedded pdf file), you will find attached a complete report on our investigation, including details on the construction and programming aspects of the project, our methodology, the analysis of our results as well as a reference to the mathematical model used to find the exact value of the Azimuth angle at any given time and day. 


The Mindstorm robot aligned with a compass, facing North