A program written in Python that performs network analysis/enumeration and reports back to a remote server.
- Perform scan of network using nmap
- Monitor DHCP traffic and enumerate and scan any device connecting to the network
- Phone home and report back using port 80 or 443 to avoid tripping the firewall
- Deployable on USB thumbdrive
Construction needs to be broken down into several steps:
- Run initial Nmap scan of the network using the command-line version.
- Parse output and save each device as a dictionary entry
- Save dictionary to disk
- Sniff traffic
- Inspect DHCP traffic and enumerate new devices requesting an IP address
- Add new devices to dictionary
- Connect to home server via port 80 or 443 and transmit contents of dictionary file
Running Nmap from Python
The first task is to work out how to drive Nmap from Python. Looking around, the usual approach seems to be to run it as an external process and use subprocess to manage the interaction.
Found a good blogpost on running a nightly nmap scan using a cron job etc. Something like this would be good, but without the cronjob and shell scripting.
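The scan, parse and save steps from the construction list, sketched as an added example that is not the post's own code. It assumes Nmap's XML report (`-oX -`) is the output being parsed; the function names, the JSON file format and the sample XML are constructed for illustration.

```python
import ipaddress
import json
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX -` output, so the parser runs without Nmap.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <hostnames><hostname name="printer.example"/></hostnames>
    <ports><port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/></port></ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

def run_nmap(network):
    """Scan an in-scope network and return Nmap's XML report as bytes."""
    target = str(ipaddress.ip_network(network))  # ValueError unless an IP network
    # Argument list, no shell: the target can never be read as shell syntax.
    result = subprocess.run(["nmap", "-oX", "-", target],
                            capture_output=True, check=True, timeout=900)
    return result.stdout

def parse_hosts(xml_data):
    """Return {ip: {"mac", "hostnames", "open_ports"}} for hosts reported up."""
    devices = {}
    for host in ET.fromstring(xml_data).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # skip hosts Nmap marked down
        addrs = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        ip = addrs.get("ipv4") or addrs.get("ipv6")
        devices[ip] = {
            "mac": addrs.get("mac"),
            "hostnames": [h.get("name") for h in host.iter("hostname")],
            "open_ports": {
                int(p.get("portid")): (p.find("service").get("name")
                                       if p.find("service") is not None else None)
                for p in host.iter("port")
                if p.find("state").get("state") == "open"},
        }
    return devices

def save_devices(devices, path):
    """Write the device dictionary to disk as JSON (port keys become strings)."""
    with open(path, "w") as fh:
        json.dump(devices, fh, indent=2)
```

`parse_hosts(run_nmap("192.0.2.0/24"))` chains the two when Nmap is installed; `parse_hosts(SAMPLE_XML)` exercises the parser offline.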
to be continued..