ARP Cache Monitor with Python... 1

[ov3rdr1ve]

I am wanting to write a python program to be able to monitor my ARP cache (windows). I am having a bit of trouble trying to find a module that allows me access to the ARP cahce functionality of Windows. I have read up a bit on the SCAPY module and the pcap modules for Python, but figured I would ask the question to the brain-power that is tek-tips first before I venture too far for advice.

ps. I am still pretty new to python programming so be gentle.

Thanks in advance!
Chance ~

 

[mikrom]

I am wanting to write a python program to be able to monitor my ARP cache (windows).

How to monitor?

In windows you have a command named arp with this options

C:\>arp /?

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  -a            Displays current ARP entries by interrogating the current
                protocol data.  If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed.  If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr. inet_addr may be
                wildcarded with * to delete all hosts.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr.  The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.
Example:
  > arp -s 157.55.85.212   00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                    .... Displays the arp table.

It is windows command and this command can be used from Python as ecvery other windows command using the methods system(), popen(),.. from the modul os, for example

>>> import os
>>> os.system('arp -a')
0
>>> lines = os.popen('arp -a')
>>> lines
<open file 'arp -a', mode 'r' at 0x00E02380>
>>> for line in lines:
... 	print line
... 	


Interface: 10.0.11.173 --- 0x2

  Internet Address      Physical Address      Type
[COLOR=red]...other lines follows[/color]

 

[ov3rdr1ve]

Yes this is exactly what I am looking for!

Thank you, I will work with this!

Great!! Star for You!
Chance ~

 

[ov3rdr1ve]

What does the line:

<open file 'arp -a', mode 'r' at 0x00E02380>

signify?

 

[mikrom]

What does the line:

<open file 'arp -a', mode 'r' at 0x00E02380>

It doesn't nothing. It is only the value of the object lines which is the result of os.popen() and as you can read here for example

http://docs.python.org/library/os.html#os.popen

it is an open file object connected to the pipe (in read only mode).
You can then iterate over this object similar as you do it with a text file, i.e.

for line in lines:
  [i]process_line[/i]