Mobile or small screen users

If you find that the navigation bar on the left-hand side is not displaying correctly you can view all the posts here.

https://tl10k.dev/categories/all/

Simple ARP script with Python Scapy

Estimated time to read: 4 minutes

• Originally Written: March, 2025

Disclaimer

The example code provided has been built and tested in my own lab, not on a production system or network. Use them at your own risk and always test in a lab environment

I needed to send some traffic to fill a switch CAM table and do some testing with ARP so I've created a simple Python script using the Python Scapy library. It will create sequential MAC/IPs depending on how many you specify and will also ping a destination for testing.

Python Scapy ARP script

from scapy.all import *
import netifaces

# Generates a sequential MAC address based on a base MAC and an index
def generate_sequential_mac(base_mac, index):

    # 1. base_mac.split(':') - split the base_mac string (which is in the format "00:50:56") into a list of strings: ['00', '50', '56']
    # 2. int(part, 16) - convert each part from hexadecimal (base 16) to a decimal (base 10) integer and store it in list
    mac_parts = [int(part, 16) for part in base_mac.split(':')]

    # create three new integers which are derived from the index (i.e which frame it's up to)
    # allows the generation of unique and sequential MAC addresses by using index to determine the last three bytes.
    # (index >> 16) & 0xFF - shifts the bits of index 16 positions to the right, then bitwise ANDs with 0xFF to extract the third byte (8 bits)
    # (index >> 8) & 0xFF - shifts the bits of index 8 positions to the right, then extracts the second byte
    # index & 0xFF - extract the least significant byte of index.
    mac_parts.extend([(index >> 16) & 0xFF, (index >> 8) & 0xFF, index & 0xFF])

    # creates a MAC address string by joining each integer in mac_parts into a two-digit hexadecimal string, separated by colons
    # f"{part:02x}" - formats each integer part as a hexadecimal string which is two characters wide. also pads with with zeros if necessary
    return ":".join(f"{part:02x}" for part in mac_parts)

def generate_sequential_ip(base_ip, index):
    # Generate a sequential IP address based on a base IP and an index
    ip_parts = base_ip.split('.')
    ip_parts[-1] = str(int(ip_parts[-1]) + index)  # Increment the last octet
    return '.'.join(ip_parts)

# Retrieve the IP and MAC address of the host interface
def get_interface_info(interface):
    try:
        addrs = netifaces.ifaddresses(interface)
        ip_address = addrs[netifaces.AF_INET][0]['addr']
        mac_address = addrs[netifaces.AF_LINK][0]['addr']
        return ip_address, mac_address
    except (KeyError, IndexError):
        raise RuntimeError(f"Could not retrieve IP or MAC address for interface {interface}. Please ensure the interface is configured correctly.")

# Send ARP request frames with sequential source MAC and IP addresses
def send_frames(interface, frame_count, base_mac, base_ip):
    try:
        host_ip, host_mac = get_interface_info(interface)

        packets = []
        for index in range(frame_count):
            sequential_mac = generate_sequential_mac(base_mac, index)
            sequential_ip = generate_sequential_ip(base_ip, index)

            # update the src, dst, psrc, pdst, hwdst, and op values as you need depending on what you're trying to test

            # ARP op=1 is an ARP request
            # ARP op=2 is an ARP reply
            pkt = Ether(src=host_mac, dst="ff:ff:ff:ff:ff:ff")/ARP(op=2, psrc=host_ip, pdst=sequential_ip, hwdst=sequential_mac)
            packets.append(pkt)

        # Send all packets at once
        sendp(packets, iface=interface, verbose=False)
        print(f"Sent {frame_count} ARP request frames from interface {interface}")

    except RuntimeError as e:
        print(e)

def send_ping(interface, dst_ip, dst_mac, count):
    # Send ICMP echo requests to a specified destination IP and MAC
    try:
        # Retrieve the source IP and MAC address from the specified interface
        src_ip, src_mac = get_interface_info(interface)
        for _ in range(count):
            # Construct the ICMP echo request packet
            pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=src_ip, dst=dst_ip)/ICMP()
            # Send the packet
            sendp(pkt, iface=interface, verbose=False)
            print(f"Sent ICMP echo request to {dst_ip} with destination MAC {dst_mac}")
    except RuntimeError as e:
        print(e)

if __name__ == "__main__":
    INTERFACE = "ens224"
    FRAME_COUNT = 100    # Number of frames to send
    BASE_MAC = "00:50:56"  # Define your base MAC (first 3 bytes)
    BASE_IP = "192.168.10.1"  # Define your base IP for sequential IPs

    # Destination IP and MAC for the ping request
    DESTINATION_IP = "192.168.10.2"
    DESTINATION_MAC = "00:50:56:84:80:65"
    PING_COUNT = 10

    send_frames(INTERFACE, FRAME_COUNT, BASE_MAC, BASE_IP)
    send_ping(INTERFACE, DESTINATION_IP, DESTINATION_MAC, PING_COUNT)

Comments