Build a Network Scanner with Python and Scapy
Build a Network Scanner with Python and Scapy
Imagine you’re sitting at your desk, wondering exactly which devices are lurking on your local network. Is that new smart TV actually connected? Did someone unauthorized join your Wi-Fi? Instead of guessing, you can write a script that instantly reveals every device’s IP and MAC address—right from your terminal. With Python and the powerful Scapy library, building a network scanner is not just possible; it’s surprisingly simple, and you can get it running today.
Why Scapy?
Scapy is a Python library designed for packet manipulation. It lets you craft, send, and analyze network packets at a low level, making it ideal for tasks like network scanning, intrusion detection, and protocol analysis [1][2]. Unlike higher-level tools that abstract away the details, Scapy gives you full control—perfect for learning how networks actually work.
Setting Up Your Environment
Before writing code, you need Scapy installed. It’s not included in Python by default, so you’ll add it via pip.
Install Scapy
On Linux or macOS:
pip install scapy
On Windows, you must also install Npcap and enable WinPcap API-compatible mode during installation [3]. Then run:
pip install scapy
For a clean, isolated setup, consider using a virtual environment:
mkdir scanner
cd scanner
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install scapy
This approach ensures your scanner project doesn’t interfere with other Python packages [7].
The Core Idea: ARP Scanning
The most effective way to discover devices on a local network is through ARP (Address Resolution Protocol) scanning. ARP is used to map IP addresses to MAC addresses. When you send an ARP request to the entire network (broadcast), every device that receives it replies with its IP and MAC—giving you a live inventory [1][2].
Here’s how it works step-by-step:
- Create an ARP request packet.
- Set the target network range.
- Broadcast the packet to all devices.
- Capture and parse the responses.
- Print each device’s IP and MAC.
Your First Network Scanner: Working Code
Let’s build a complete, working scanner. This script will scan your local network (e.g., 192.168.1.0/24) and list all active devices.
from scapy.all import ARP, Ether, srp
# Define the network range to scan
target_ip = "192.168.1.0/24"
# Create an ARP request packet
arp = ARP(pdst=target_ip)
# Create an Ethernet frame with broadcast destination
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
# Combine them into a packet
packet = ether / arp
# Send and receive packets at layer 2
result = srp(packet, timeout=3)[0]
# Store discovered clients
clients = []
for sent, received in result:
clients.append({'ip': received.psrc, 'mac': received.hwsrc})
# Print results
print("Available devices in the network:")
print("IP" + " "*18+"MAC")
for client in clients:
print(client['ip'] + " "*18 + client['mac'])
Save this as scanner.py and run it:
python scanner.py
You’ll see a list of all devices currently connected to your network [2].
Note: This script requires network access privileges. On Linux, run it with
sudo. On Windows, ensure Npcap is installed correctly [3].
Making It Actionable: Customize for Your Network
The example above uses a hardcoded IP range. To make it useful TODAY, adapt it to your actual network:
Find Your Network Range
On Linux/macOS:
ip route | grep default
On Windows:
ipconfig
Look for your IPv4 address and subnet (e.g., 192.168.1.100/24). Use the first three octets + /24 as your target.
For example, if your IP is 10.0.0.5, set:
target_ip = "10.0.0.0/24"
Add Error Handling
Wrap the scanning logic in a function and handle timeouts gracefully:
def scan_network(target):
try:
arp = ARP(pdst=target)
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
packet = ether / arp
result = srp(packet, timeout=3)[0]
clients = []
for sent, received in result:
clients.append({'ip': received.psrc, 'mac': received.hwsrc})
return clients
except Exception as e:
print(f"Error: {e}")
return []
Now you can call scan_network("192.168.1.0/24") from anywhere in your code.
Beyond Basic Scanning: What’s Next?
Once you have this working, you can expand your scanner:
- Ping Scan: Use Scapy’s ICMP functionality to perform ping sweeps on IP ranges [4].
- Export to CSV: Save results to a file for logging or reporting.
- GUI Interface: Integrate with Tkinter or PyQt for a visual dashboard.
- Real-Time Monitoring: Run the scanner periodically to detect new devices joining your network.
Scapy also supports TCP, UDP, and custom protocol crafting—making it a foundation for advanced network security tools [11].
Troubleshooting Tips
- Only sees yourself? Ensure you’re on a bridged adapter (especially in VMs) so you can reach other devices [6].
-
No responses? Check firewall settings or try increasing
timeoutinsrp(). - Windows issues? Confirm Npcap is installed in WinPcap-compatible mode [3].
Start Scanning Today
You now have a fully functional network scanner that reveals every device on your local network—no guesswork, no third-party tools. Just Python, Scapy, and a few lines of code.
Try running it on your home network tonight. See what’s connected. Spot the unknown. And if you find something interesting (or suspicious), share your findings in the comments below.
Your call to action: Fork this script, customize it for your network, and push it to GitHub. Tag it with #python, #scapy, and #networksecurity. Let’s build a community of developers who understand their networks deeply.
The network is yours to explore. Start scanning.
If you found this helpful, consider buying me a coffee ☕ — it keeps these articles coming!
Also check out my AI tools collection: AI 次元世界 — free AI tools for developers.
💡 Related: **Content Creator Ultimate Bundle (Save 33%)* — $29.99*
Top comments (0)