Help with ARP scan/reverse DNS script

From: Jason Noble (sysadmin_at_polezero.com)
Date: 09/29/04


To: beginners@perl.org
Date: Wed, 29 Sep 2004 11:07:35 -0400

This script is supposed to take an input like 10.0.1.0/24
and produce output like this:
HOSTNAME MACADDRESS
node-1 00:30:48:28:E9:7E
node-2 00:30:48:29:12:1A

But it returns very few results, if any.
Does anyone have any ideas, or maybe a better way to do this?

#!/usr/bin/perl
use strict;

use Getopt::Std;
use Net::DNS;
use IO::Select;
use Net::Netmask;

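# Seconds lookup() waits for a reverse-DNS answer before giving up.
my $timeout = 5;
# Name server that lookup() sends its queries to.
my $nameserver = "10.0.1.240";
my $subnet;
my %opts;
getopts('n:', \%opts);

die "Usage: arp-scan_lookup.pl -n 10.0.0.0/24\n"
   unless $opts{n};

# NOTE(review): presumably this sets up the link-layer descriptor the frames
# are sent through and fills in $Net::Pkt::Ip / $Net::Pkt::Mac; raw layer-2
# access normally requires root -- confirm against the Net::Pkt documentation.
use Net::Pkt::DescL2;
Net::Pkt::DescL2->new;

use Net::Pkt::Quick;

# new2() returns undef when the argument does not parse as a network, so stop
# here with a readable message instead of failing on the first method call.
$subnet = Net::Netmask->new2($opts{n})
   or die "Invalid network '$opts{n}' (expected something like 10.0.0.0/24)\n";

# Build one broadcast ARP who-has request per address in the range.
# enumerate() lists every address in the block, so a short prefix means that
# many frames held in memory and that many broadcasts on the segment.
my @frames;
for my $ip ($subnet->enumerate) {
   push @frames, Net::Pkt::Quick->arpRequest(
      whoHas  => "$ip",
      tell    => $Net::Pkt::Ip,
      tellMac => $Net::Pkt::Mac,
      toMac   => 'broadcast',
   );
}

use Net::Pkt::Dump;
my $dump = Net::Pkt::Dump->new(
   filter => "arp",
   unlinkAfterAnalyze => 1,
);

$dump->start;

# Walk the frame objects themselves. Indexing @frames with an address string
# ("10.0.1.7" - 1) numifies the string to its leading number, so every
# iteration would hit the same single element and only one host is ever probed.
$_->send for @frames;

# Hosts answer asynchronously; leave the capture running briefly so the
# replies can arrive before it is stopped.
# NOTE(review): assumes only replies seen before stop() are available to
# analyze(); confirm against Net::Pkt::Dump and tune the delay for the network.
sleep 2;

$dump->stop;

$dump->analyze;

# Keep the reply for every request that was answered.
my @replies;
for my $frame (@frames) {
   my $reply = $frame->recv;
   next unless $reply;
   push @replies, $reply;
}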

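# Reverse-resolve an IPv4 address through $nameserver.
#
# Takes the address as a dotted-quad string and returns the host name from the
# PTR answer with the local ".pz.local." suffix removed. Returns the address
# itself when the query cannot be sent, no answer arrives within $timeout
# seconds, the reply cannot be read, or it holds no usable PTR record.
sub lookup {
    my $ip_address = shift;

    my $res = Net::DNS::Resolver->new;
    $res->nameservers($nameserver);

    # Background send, so an unresponsive server costs at most $timeout
    # seconds per address. Net::DNS is relied on to turn the dotted quad
    # into the matching in-addr.arpa PTR question.
    my $bgsock = $res->bgsend($ip_address);
    return $ip_address unless $bgsock;

    my $sel = IO::Select->new($bgsock);
    return $ip_address unless $sel->can_read($timeout);

    my $packet = $res->bgread($bgsock);
    return $ip_address unless $packet;

    my $result;
    for my $rr ($packet->answer) {
        # The answer section can hold other record types (e.g. CNAME).
        next unless $rr->type eq 'PTR';

        my $hostname = $rr->rdatastr;

        # The record content comes from the network, not from this script:
        # keep only printable ASCII so a broken or hostile record cannot put
        # control sequences on the operator's terminal.
        $hostname =~ tr/\x21-\x7E//cd;

        # Strip the local domain; the dots are escaped so only the literal
        # suffix (with or without the trailing root dot) is removed.
        $hostname =~ s/\.pz\.local\.?\z//;

        $result = $hostname;
    }

    return $ip_address unless defined $result && $result ne "";
    return $result;
}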

# Emit one "HOSTNAME MACADDRESS" line for every host that answered.
for my $reply (@replies) {
   print lookup($reply->arpSrcIp), " ", $reply->arpSrc, "\n";
}


