To access the internet, a device needs an IP address and a MAC address. The MAC address is bound to the network card, so recording a device’s MAC effectively marks the device’s user.
About the relationship between MAC and IP:
Beginner Level: Which time period has the most customers?
It’s a holiday today, so there are a lot of people. I want to count how many devices are online (how many IPs are being used). Principle: send ping requests in batches; according to the protocol, each host that is online responds to our ping, and we record the responding IPs.
About the use of Wireshark:
Advanced Level: How many new customers arrived today? (Automated programming for LAN scanning)
There are two virtual routers on my computer (Parallels and VMware are installed, giving two subnets), and I am also connected to a public Wi-Fi network (one subnet). I wrote the program to identify the three subnets automatically, so that each can be scanned selectively.
Choosing Subnets
The beginner’s method is to record IP addresses (network layer). Since this is advanced, we also record MAC addresses (data link layer).
Feature 3: Convert MAC address to network card manufacturer
Wireshark implements this function; the principle is a dictionary lookup. I found a MAC address translation library directly on GitHub.
The program will save the analysis results to the same directory with the completion time as the file name.
By default, this program waits 0.2 seconds for a response; if none is received, it moves on to the next IP. Multithreading would shorten the average time, but in adherence to the principle of not causing harm, it is not included here.
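The dictionary lookup behind Feature 3, and the "new today" comparison from the advanced level, can be sketched offline as follows. This is an added example, not the post's program or the GitHub library it mentions: the function names are hypothetical, the OUI table is a four-entry sample, the scan rows are constructed, and the file-name format is an assumption. It also flags locally administered MACs (such as the randomized ones many phones use), which have no vendor entry and can inflate a "new device" count.

```python
from datetime import datetime

# Four-entry OUI sample; real tools load the full IEEE registry (e.g. Wireshark's manuf file).
OUI_SAMPLE = {
    "00:0C:29": "VMware",
    "00:50:56": "VMware",
    "00:05:69": "VMware",
    "00:1C:42": "Parallels",
}

def normalize_mac(mac):
    """Return the MAC as upper-case, colon-separated hex, or raise ValueError."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first byte) is set, as in randomized MACs."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def vendor_of(mac, table=OUI_SAMPLE):
    """Look up the first three bytes (the OUI) in the table."""
    mac = normalize_mac(mac)
    if is_locally_administered(mac):
        return "locally administered (no vendor)"
    return table.get(mac[:8], "unknown")

def summarize(scan, known_macs=frozenset()):
    """Annotate (ip, mac) pairs with the vendor and whether the MAC was seen before."""
    known = {normalize_mac(m) for m in known_macs}
    macs = [(ip, normalize_mac(mac)) for ip, mac in scan]
    return [{"ip": ip, "mac": m, "vendor": vendor_of(m), "new": m not in known}
            for ip, m in macs]

def report_name(finished):
    """File name built from the completion time (format is an assumption)."""
    return finished.strftime("%Y-%m-%d_%H-%M-%S") + ".txt"

# Constructed sample scan results (RFC 5737 documentation addresses).
SAMPLE_SCAN = [
    ("192.0.2.10", "00-0c-29-aa-bb-cc"),
    ("192.0.2.11", "001c.42aa.bbcc"),
    ("192.0.2.12", "da:a1:19:00:00:01"),
]

if __name__ == "__main__":
    for row in summarize(SAMPLE_SCAN, known_macs={"00:0C:29:AA:BB:CC"}):
        print(row)
```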
Dealing with various dependencies of Scapy is truly annoying. Without experience, it takes at least half an hour to handle all dependencies from scratch. You can directly use Kali; Kali has Scapy built-in, saving the time of dealing with dependencies. Scapy is a niche tool; Wireshark is a powerful tool for network traffic analysis. Combining the two makes computer network research easier. The Mac version of Wireshark used to crash often. I downloaded the latest version this time and used it for 2 days without crashing. Those interested can give it a try.