arpyng_monitor arp scapy monitor

arpyng_monitor.py

#!/usr/local/bin/python2.7
# -*- coding: utf-8 -*-


import os
import re
import time
from scapy.all import arping, ARP, sniff
from xml_default_dict import xml_default_dict
from collections import defaultdict
from threading import Thread
from subprocess import call


xmldoc = xml_default_dict().run()
ifaces = xmldoc['interfaces']
oui_list = filter(None, open('oui.csv', 'r').read().split('\n')[1:])

class arp_monitor(Thread):

    def __init__(self, _iface):
        Thread.__init__(self)
        self.arp_cmd = "/usr/sbin/arp -d -i {} -an".format(_iface)
        self.iface = _iface

    def format_mac(self, _mac):
        return "".join(_mac.split(":")[:5]

    def get_oui_name(self, _mac):
        return [x.split(',')[2] for x in f if x.split(',')[1] == format_mac(_mac.upper())]

    def count_hosts(self, pkt):
        if pkt[ARP].op == 2:
            if self.hosts[pkt[ARP].psrc]:
                self.hosts[pkt[ARP].psrc].append(pkt[ARP].hwsrc)
            else:
                self.hosts[pkt[ARP].psrc] = []
                self.hosts[pkt[ARP].psrc].append(pkt[ARP].hwsrc)
        if self.hosts[pkt[ARP].psrc] and len(self.hosts[pkt[ARP].psrc]) >= 2:
            print self.hosts[pkt[ARP].psrc]

    def run(self):
        while True:
            self.hosts = defaultdict(lambda: False)
            call([self.arp_cmd], shell=True)
            sniff(prn=self.count_hosts, filter='arp', iface=str(self.iface), timeout=60)
            time.sleep(240)

for iface in ifaces:
    start_arp_monitor = arp_monitor(ifaces[iface]['if'])
    start_arp_monitor.start()