for loop stuck at the first items in the list - python

Question

i would like to create script to extract IP and MAC address from ARP protocol (passive Scan) i used python3.8 and scapy 2.4.4 on debian. The code that I use returns all addresses, but I want it to print out the IPs/MACs without repetition, so i created a list, to check if the MAC was previously registered or not, and if it was not registered it will added to the list and appears in the output. but the for loop stuck at the first items in the list, then all MACs was printed out.

the code:

from scapy.all import *
print("-"*33,"\nIP\t\tMac Address\n","-"*33)
mac_list = [1]
def arp_display(pkt):
    if ((pkt[ARP].op == 2 ) or (pkt[ARP].op == 1 )):
        new_mac = pkt[ARP].hwsrc
        for i in mac_list :
            if ( i != new_mac):
            mac_list.append(new_mac)
            return f"{pkt[ARP].psrc}    {pkt[ARP].hwsrc} "
sniff(prn=arp_display, filter="arp", store=0, iface='eth0')

I tried printing the (i) value , new MAC and list values using the code that:

from scapy.all import *
print("-"*33,"\nIP\t\tMac Address\n","-"*33)
mac_list = [1]
def arp_display(pkt):
    if ((pkt[ARP].op == 2 ) or (pkt[ARP].op == 1 )): #is-at (response)
        new_mac = pkt[ARP].hwsrc
        for i in mac_list :
            print("i=",i)
            print("New MAC", new_mac)
            print("List=", mac_list)
            if ( i != new_mac):
                mac_list.append(new_mac)
                return f"{pkt[ARP].psrc}    {pkt[ARP].hwsrc} "
sniff(prn=arp_display, filter="arp", store=0, iface='eth0')

the out put was like:

---------------------------------
IP              Mac Address
 ---------------------------------
i= 1
New MAC 3c:95:09:77:86:01
List= [1]
192.168.60.2    3c:95:09:77:86:01
i= 1
New MAC 00:0c:29:de:7b:39
List= [1, '3c:95:09:77:86:01']
192.168.60.3    00:0c:29:de:7b:39
i= 1
New MAC 3c:47:11:bf:84:f2
List= [1, '3c:95:09:77:86:01', '00:0c:29:de:7b:39']
192.168.60.1    3c:47:11:bf:84:f2
i= 1
New MAC 00:0c:29:de:7b:39
List= [1, '3c:95:09:77:86:01', '00:0c:29:de:7b:39', '3c:47:11:bf:84:f2']
192.168.60.3    00:0c:29:de:7b:39

as you see the list have items but the for loop stuck an the first one.

Answer 1

@BatWannaBe you are right, the return on wrong place, i was tried to write it out of for loop then i get it right.

The second mistake is the Loop function passes all the elements separately, then adds the value of the new item (new_mac) if it does not match the element that the Loop function passed to (mac_list), and to avoid this problem I added the Double variable ,so when the loop function passes through the list items (mac_list), it will adds the value 0 if it does not match, Otherwise will add the value 1 and then break the Loop function.

Thus, we have made sure that the new MAC address is in the list or not.

And the final code is as follows:

from scapy.all import *
print("-"*33,"\nIP\t\tMac Address\n","-"*33)
mac_list = ['1']
output = ""
def arp_display(pkt):
    if ((pkt[ARP].op == 2 ) or (pkt[ARP].op == 1 )): #is-at (response)
        new_mac = str(pkt[ARP].hwsrc)
        double = 0
        for i in mac_list :
            if ( i != new_mac ):
                double = 0
            else:
                double = 1
                break
        if(double == 0):
            mac_list.append(new_mac)
            output = f"{pkt[ARP].psrc}    {pkt[ARP].hwsrc} "
        else:
            output = None
    return output
sniff(prn=arp_display, filter="arp", store=0, iface='eth0')

Answer 2

1 will never be equal to a MAC address, so every iteration, if (i != new_mac): will be true, and then you return from that body, which will prevent further iteration.

Just use a set instead. Sets can't contains duplicates, so you don't need to worry about duplicate entries:

mac_set = set()  # A set instead of a list
def arp_display(pkt):
    if ((pkt[ARP].op == 2) or (pkt[ARP].op == 1)): #is-at (response)
        new_mac = pkt[ARP].hwsrc
        mac_set.add(new_mac)  # add instead of append
        return f"{pkt[ARP].psrc}    {pkt[ARP].hwsrc} "

This will not maintain order though, since sets are unordered.