I am attempting to find my router's IP address with Scapy.

I am running a distro of Linux and fully understand that I could use system calls or subprocess to get to the routing tables and find the gateway. However, I am trying to do this without system calls.

I imagine there is a way to do this with Scapy; does anyone know?

ma77c
  • Basically you have to catch a packet with a destination outside the subnet, get the destination MAC address and then find an ARP response from that MAC address. It will come from the router. There are other active strategies as well. – Klaus D. Jul 01 '16 at 01:50
  • @KlausD. I also found `conf.route` which shows the routing table. I can parse through that for the default gateway. – ma77c Jul 01 '16 at 14:06
  • Well that would be a system call in my eyes. But if it fits your needs... – Klaus D. Jul 01 '16 at 14:09
  • @KlausD. I was referring to `os.system` or `subprocess`. You are right though, `conf.route` should be seen as a system call. I have done a host discovery with python-nmap. Now I am separating the AP from the rest of the hosts. It is my understanding that in order to send a packet you must have a source IP and source MAC. In order to sniff the ARP response would the source IP and source MAC of the original packet need to be the machine running the program? – ma77c Jul 01 '16 at 14:41
  • We are leaving the scope of SO in large steps. Let me just add that there are many strategies to scan hosts and sniff traffic in a network, and there are a lot of books and internet resources on it. We are not able to cover even the basics in an SO answer. – Klaus D. Jul 01 '16 at 14:48

2 Answers

2

FTR, see https://scapy.readthedocs.io/en/latest/routing.html

Get router IP address

>>> gw = conf.route.route("0.0.0.0")[2]
>>> gw
'10.0.0.1'
Cukic0d
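As an added example (not from the question or either answer): on Linux, Scapy's `conf.route` is built by reading the kernel routing table from /proc/net/route, so the lookup in the answer above and the "system call" that Klaus D. mentions in the comments amount to the same thing. The script below does that read directly on a constructed sample table, and falls back to it when Scapy is not importable; the interface name, the gateway 10.0.0.1 and the table contents are constructed for the example.

```python
"""Added example: resolve the default gateway the way Scapy's conf.route does
on Linux, by parsing /proc/net/route (constructed sample data below)."""
import socket
import struct

# Constructed /proc/net/route content. The default route (Destination 00000000)
# goes via gateway 0100000A, which is 10.0.0.1 written as a little-endian word.
SAMPLE_PROC_NET_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0100000A\t0003\t0\t0\t100\t00000000\t0\t0\t0
eth0\t0000000A\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0
"""

RTF_GATEWAY = 0x2  # route goes via a next hop rather than directly on-link


def hex_to_ip(hexaddr):
    """Convert the host-order hex field used by /proc/net/route to dotted quad."""
    return socket.inet_ntoa(struct.pack("<L", int(hexaddr, 16)))


def default_gateway_from_table(text):
    """Return (iface, gateway) for the default route, or None if there is none.

    A default route has destination 0.0.0.0, mask 0.0.0.0 and RTF_GATEWAY set;
    an on-link route without RTF_GATEWAY is not a usable gateway entry.
    """
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, gw, flags, mask = (fields[0], fields[1], fields[2],
                                        int(fields[3], 16), fields[7])
        if dest == "00000000" and mask == "00000000" and flags & RTF_GATEWAY:
            return iface, hex_to_ip(gw)
    return None


def default_gateway():
    """Live lookup: Scapy's conf.route when available, else the kernel table."""
    try:
        from scapy.all import conf  # assumption: scapy is installed
        return conf.route.route("0.0.0.0")[2]  # (iface, source_ip, gateway)
    except ImportError:
        with open("/proc/net/route") as fh:
            hit = default_gateway_from_table(fh.read())
        return hit[1] if hit else None


if __name__ == "__main__":
    print(default_gateway_from_table(SAMPLE_PROC_NET_ROUTE))
```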
0

I used the knowledge that if I send a packet to a distant IP address with ttl = 0, I will get an ICMP packet from the first router I pass (my default gateway); all I'll need to do later is get the IP from that packet.

from scapy.all import *
# sr1() returns None on timeout; otherwise the reply's source address is the gateway
p = sr1(IP(dst="www.slashdot.org", ttl=0)/ICMP()/"XXXXXXXXXXX", timeout=2)
if p is not None:
    print(p.src)
R. Azachi