Exploring Network Basics and Building a Scanner
Hello and welcome to my latest networking adventure!
Inspired by a great tutorial from David Bombal on YouTube, I created a simple network scanner using Python and the Scapy library. While I ran into a few challenges, especially with Oracle Cloud, I ultimately got it working locally on my Mac, and I’m excited to share my experience with you. It’s been a steep learning curve, but that's part of the fun, right? Let’s Begin!
What is a Network?
At its core, a network is just a group of devices that can communicate with each other. These devices might be computers, printers, smartphones, or even smart home devices like refrigerators and security cameras. They communicate over physical cables or wirelessly via Wi-Fi.
Each device has a unique identifier:
IP Address: This acts like the device’s mailing address.
MAC Address: Think of this as the device’s fingerprint, tied to its network interface card (NIC).
A good example of a network is a Local Area Network (LAN)—a network that covers a small area, like your home or office. So, if you’re sitting at home connected to Wi-Fi, your devices are part of your LAN.
The TCP/IP Network Model
The TCP/IP model is the backbone of modern networking. It breaks down networking into four layers:
Network Access Layer: Handles data transmission over hardware like Ethernet or Wi-Fi. Example Protocols: Ethernet, Wi-Fi (Wireless LAN)
Internet Layer: Uses IP addresses to route data from device to device. Example Protocols: IP (Internet Protocol)
Transport Layer: Manages data flow and ensures reliability (or tolerates data loss in cases like video streaming). Example Protocols: TCP (Transmission Control Protocol), UDP (User Datagram Protocol)
Application Layer: Defines protocols for applications like web browsing, email, or chat. Example Protocols: .HTTP, FTP, SMTP, and DNS
Each layer serves a specific function and plays a critical role in how data flows across networks.
What is a Network Scanner?
A network scanner helps you discover all the devices connected to a network. It sends out requests to a range of IP addresses and waits for responses. When a device replies, it provides useful info, such as its IP and MAC addresses.
Network scanners are vital tools in IT security, network management, and troubleshooting. They can be used to:
Map devices on your home network.
Detect unauthorized devices.
Identify services running on devices (e.g., web servers, file-sharing).
The Code: From Learning to Implementation
I started with the code from David Bombal’s YouTube tutorial, which uses the Scapy Python library to scan the network. Scapy allows you to create custom network packets and analyze responses—perfect for learning about low-level networking protocols.
The code sends ARP requests to a specified IP range, identifies the devices that respond, and collects their IP and MAC addresses. To speed up the scanning process, multithreading is used, allowing multiple IP addresses to be scanned concurrently. The results are then displayed in a clear table format. This tool is a great way to explore network devices and gain insights into the devices connected to your local network, making it an excellent starting point for those interested in network security.
Here’s my updated version of the network scanner which I adapted to make faster:
Key Differences from David Bombal’s Code
Multithreading:
David's original code likely scans IP addresses sequentially, which can be slow. I added multithreading to scan multiple IPs concurrently, improving the performance.Device List Collection:
In my code, I store each device's IP and MAC address in a dictionary and collect them in a list, which makes it easier to print and extend the results.Scan Duration:
I added code to measure how long the scan takes, helping evaluate performance.
What I Found
Running the network scanner was an eye-opener. Initially, I tried using Oracle Cloud to run the code, but I couldn’t detect devices on my local network because the cloud instance is isolated from my home network. I then switched to running the script directly from my personal device’s terminal while connected to my home Wi-Fi, and that worked perfectly.
I was able to see all devices connected to my network, such as my smartphone, laptop, and printer. This highlighted how many IoT devices are always connected to the internet, and it made me more aware of potential security risks on my network.
Best Practices & Security Considerations
Get Permission: Always obtain explicit consent before scanning a network to avoid legal and ethical issues.
Protect Data & Secure Tools: Keep scan results secure and ensure your scanning environment is properly protected.
Next Steps: Expanding the Scanner
Now that I have a working network scanner, I’m thinking of adding some enhancements:
Port Scanning: Find open ports on discovered devices.
Service Identification: Detect which services are running (e.g., HTTP, FTP).
Periodic Scans: Automate the scanning process to monitor the network for changes.
These additions would help make the tool even more useful for network monitoring and security.
Conclusion
Building this network scanner with Scapy was a fantastic learning experience. It gave me a deeper understanding of key networking concepts like ARP, IP addressing, and Ethernet. Even though I initially encountered challenges with using Oracle Cloud, running the script locally on my Mac allowed me to scan my network effectively.
If you’re just starting out with networking, I highly recommend trying this project. It’s a great way to get hands-on experience and explore the inner workings of networks while building a practical tool. Be sure to remember to change the IP address in the code so that it accurately reflects your own network. As always thanks for reading and until we meet again!
Links
