starred/whos-on-my-network
1
0
Fork 0
mirror of https://github.com/brentvollebregt/whos-on-my-network.git synced 2026-04-25 03:25:51 +03:00
Code Issues 13 Projects Releases 8 Packages Wiki Activity

[GH-ISSUE #31] The default scanner is not working due to libpcap missing #7

New issue
Closed
opened 2026-02-26 12:22:21 +03:00 by kerem · 3 comments
kerem commented 2026-02-26 12:22:21 +03:00
Owner
Copy link

Originally created by @brentvollebregt on GitHub (Nov 24, 2023).
Original GitHub issue: https://github.com/brentvollebregt/whos-on-my-network/issues/31

This is probably similar to #13 - we need libpcap setup in the container.

Seems that RUN apk add libpcap isn't cutting it.

Managed to work it down to these lines not working:

from ctypes.util import find_library
find_library("pcap")

Ideally something like find_library("bz2") would always work but even that doesn't - this might be an issue outside of libpcap and maybe with the alpine image and what it doesn't have.

Originally created by @brentvollebregt on GitHub (Nov 24, 2023). Original GitHub issue: https://github.com/brentvollebregt/whos-on-my-network/issues/31 This is probably similar to #13 - we need libpcap setup in the container. Seems that `RUN apk add libpcap` isn't cutting it. Managed to work it down to [these lines](https://github.com/secdev/scapy/blob/088d58ac2aee30091ad389b3625e46dffd651647/scapy/libs/winpcapy.py#L38) not working: ```python from ctypes.util import find_library find_library("pcap") ``` Ideally something like `find_library("bz2")` would always work but even that doesn't - this might be an issue outside of libpcap and maybe with the alpine image and what it doesn't have.
kerem closed this issue 2026-02-26 12:22:21 +03:00
kerem commented 2026-02-26 12:22:22 +03:00
Author
Owner
Copy link

@brentvollebregt commented on GitHub (Nov 24, 2023):

This comment lets us know we need gcc.

While this gets pcap working, I see we now may have networking issues with the docker container. ping works fine however scapy's arping doesn't seem to be getting any responses. I have double-checked the interface and that doesn't seem to be the issues 🤔

<!-- gh-comment-id:1825221510 --> @brentvollebregt commented on GitHub (Nov 24, 2023): [This comment](https://github.com/docker-library/python/issues/111#issuecomment-229567781) lets us know we need `gcc`. While this gets pcap working, I see we now may have networking issues with the docker container. `ping` works fine however scapy's arping doesn't seem to be getting any responses. I have double-checked the interface and that doesn't seem to be the issues 🤔
kerem commented 2026-02-26 12:22:22 +03:00
Author
Owner
Copy link

@brentvollebregt commented on GitHub (Nov 24, 2023):

It appears since docker uses its own network and ARP uses MAC addresses (as opposed to IP addresses), the packets are not routed out of the container. Have tried the "host" network but that isn't helping.

Can use this to test within a running container:

from scapy.all import arping
arping("192.168.1.0/24")

Using arping, I was able to see ARP packets are not being answered but I can ping:

/app # arping -I eth0 -c 3 192.168.20.1
ARPING 192.168.20.1
Timeout
Timeout
Timeout

--- 192.168.20.1 statistics ---
3 packets transmitted, 0 packets received, 100% unanswered (0 extra)

/app # ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
64 bytes from 192.168.20.1: seq=0 ttl=63 time=12.413 ms
64 bytes from 192.168.20.1: seq=1 ttl=63 time=10.433 ms
64 bytes from 192.168.20.1: seq=2 ttl=63 time=6.768 ms
64 bytes from 192.168.20.1: seq=3 ttl=63 time=6.105 ms
^C
--- 192.168.20.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.105/8.929/12.413 ms

This was with network_mode: host, privileged: true and cap_add: - NET_ADMIN - NET_RAW - if this setup doesn't work, I don't think we can setup the network to be able to do what we want. I also tried macvlan but only the host replied.

<!-- gh-comment-id:1825510744 --> @brentvollebregt commented on GitHub (Nov 24, 2023): It appears since docker uses its own network and ARP uses MAC addresses (as opposed to IP addresses), the packets are not routed out of the container. Have tried the "host" network but that isn't helping. Can [use this](https://scapy.readthedocs.io/en/latest/usage.html#arp-ping) to test within a running container: ```python from scapy.all import arping arping("192.168.1.0/24") ``` Using arping, I was able to see ARP packets are not being answered but I can ping: ``` /app # arping -I eth0 -c 3 192.168.20.1 ARPING 192.168.20.1 Timeout Timeout Timeout --- 192.168.20.1 statistics --- 3 packets transmitted, 0 packets received, 100% unanswered (0 extra) /app # ping 192.168.20.1 PING 192.168.20.1 (192.168.20.1): 56 data bytes 64 bytes from 192.168.20.1: seq=0 ttl=63 time=12.413 ms 64 bytes from 192.168.20.1: seq=1 ttl=63 time=10.433 ms 64 bytes from 192.168.20.1: seq=2 ttl=63 time=6.768 ms 64 bytes from 192.168.20.1: seq=3 ttl=63 time=6.105 ms ^C --- 192.168.20.1 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 6.105/8.929/12.413 ms ``` This was with `network_mode: host`, `privileged: true` and `cap_add: - NET_ADMIN - NET_RAW` - if this setup doesn't work, I don't think we can setup the network to be able to do what we want. I also tried macvlan but only the host replied.
kerem commented 2026-02-26 12:22:22 +03:00
Author
Owner
Copy link

@brentvollebregt commented on GitHub (Nov 25, 2023):

Seems the latest issue was due to networking - even when using network_mode: host, docker on Windows still uses an internal network which means ARP packets are not sent on the correct network. Linux seems to work fine.

Findings have been added to the default scanner in 8c336c909d

<!-- gh-comment-id:1826204598 --> @brentvollebregt commented on GitHub (Nov 25, 2023): Seems the latest issue was due to networking - even when using `network_mode: host`, docker on Windows still uses an internal network which means ARP packets are not sent on the correct network. Linux seems to work fine. Findings have been added to the default scanner in 8c336c909d4e2943b65f0d94ba969d3e92838624
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/npm_and_yarn/webapp/minimist-1.2.8
dependabot/npm_and_yarn/webapp/luxon-1.28.1
dependabot/npm_and_yarn/webapp/json5-1.0.2
dependabot/npm_and_yarn/webapp/express-4.18.2
dependabot/npm_and_yarn/webapp/qs-and-express-6.11.0
dependabot/npm_and_yarn/webapp/decode-uri-component-0.2.2
dependabot/npm_and_yarn/webapp/loader-utils-and-react-scripts-2.0.3
dependabot/npm_and_yarn/webapp/terser-4.8.1
dependabot/npm_and_yarn/webapp/eventsource-1.1.1
dependabot/npm_and_yarn/webapp/async-2.6.4
dependabot/npm_and_yarn/webapp/url-parse-1.5.10
dependabot/npm_and_yarn/webapp/follow-redirects-1.14.8
v3.0.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.0
v2.0.2
v2.0.1
v2.0.0
v1.0.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/whos-on-my-network#7
No description provided.