brentvollebregt/whos-on-my-network

The default scanner is not working due to libpcap missing

brentvollebregt opened this issue · 3 comments

brentvollebregt commented

This is probably similar to #13 - we need libpcap setup in the container.

Seems that RUN apk add libpcap isn't cutting it.

Managed to work it down to these lines not working:

from ctypes.util import find_library
find_library("pcap")

Ideally something like find_library("bz2") would always work but even that doesn't - this might be an issue outside of libpcap and maybe with the alpine image and what it doesn't have.

brentvollebregt commented

This comment lets us know we need gcc.

While this gets pcap working, I see we now may have networking issues with the docker container. ping works fine however scapy's arping doesn't seem to be getting any responses. I have double-checked the interface and that doesn't seem to be the issues 🤔

brentvollebregt commented

It appears since docker uses its own network and ARP uses MAC addresses (as opposed to IP addresses), the packets are not routed out of the container. Have tried the "host" network but that isn't helping.

Can use this to test within a running container:

from scapy.all import arping
arping("192.168.1.0/24")

Using arping, I was able to see ARP packets are not being answered but I can ping:

/app # arping -I eth0 -c 3 192.168.20.1
ARPING 192.168.20.1
Timeout
Timeout
Timeout

--- 192.168.20.1 statistics ---
3 packets transmitted, 0 packets received, 100% unanswered (0 extra)

/app # ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
64 bytes from 192.168.20.1: seq=0 ttl=63 time=12.413 ms
64 bytes from 192.168.20.1: seq=1 ttl=63 time=10.433 ms
64 bytes from 192.168.20.1: seq=2 ttl=63 time=6.768 ms
64 bytes from 192.168.20.1: seq=3 ttl=63 time=6.105 ms
^C
--- 192.168.20.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.105/8.929/12.413 ms

This was with network_mode: host, privileged: true and cap_add: - NET_ADMIN - NET_RAW - if this setup doesn't work, I don't think we can setup the network to be able to do what we want. I also tried macvlan but only the host replied.

brentvollebregt commented

Seems the latest issue was due to networking - even when using network_mode: host, docker on Windows still uses an internal network which means ARP packets are not sent on the correct network. Linux seems to work fine.

Findings have been added to the default scanner in 8c336c9