Skip to main content

Probe and monitor local network hosts — ARP, ICMP, TCP, UDP, OS fingerprinting, and network graph.

Project description

sondare

PyPI Python License: MIT

From italian: sonda di rete - network probe

About

sondare is a Python CLI tool for auditing local networks, built on top of Scapy. It provides scanning and fingerprinting methods, each running with multithreaded packet dispatch for speed.

  • ARP — discovers all active hosts on the local subnet (cannot be blocked by firewalls)
  • ICMP — pings all hosts to check reachability
  • TCP — performs a SYN scan on a target host to find open ports
  • UDP — probes UDP ports; reports open (got a UDP reply) or open|filtered (no response) ports
  • OS fingerprinting — guesses the OS of a host by analysing TTL and TCP window size in a SYN-ACK response

Requirements

  • Python 3.10+
  • Root / administrator privileges (required for raw packet access)
  • npcap (Windows only)

Installation

pipx (recommended)

sudo pipx install sondare --global

From source

git clone https://github.com/w1ldy0uth/sondare.git
cd sondare
./init.sh
source sondare_venv/bin/activate

init.sh creates a virtual environment, installs all dependencies, and registers the sondare command inside it. On Windows use init.bat and call sondare_venv\Scripts\activate instead.

Usage

sudo sondare <command> [options]

Commands

Command Description
arp ARP scan of the local subnet
ping ICMP scan of the local subnet
tcp TCP SYN port scan of a target host
udp UDP port scan of a target host
os OS fingerprint of a target host
monitor arp Watch for ARP traffic; report new hosts and MAC changes
monitor hosts Live host reachability table with auto-discovery
monitor ports Periodically SYN-scan a target and report port state changes
monitor traffic Live packet capture with per-packet protocol breakdown
graph Generate an interactive HTML network graph of the local subnet

Examples

# Discover all hosts via ARP
sudo sondare arp

# Discover live hosts via ICMP with 10s timeout
sudo sondare ping -t 10

# Scan ports 1–1024 on a target
sudo sondare tcp --target 192.168.1.1:1-1024

# Scan a single port
sudo sondare tcp --target 192.168.1.1:80

# UDP scan of common ports
sudo sondare udp --target 192.168.1.1:1-1024

# Fingerprint a host OS (auto-probes common ports)
sudo sondare os --target 192.168.1.1

# Fingerprint using a known-open port
sudo sondare os --target 192.168.1.1 --port 80

# Watch for new hosts and ARP spoofing attempts
sudo sondare monitor arp

# Monitor all hosts on the subnet (auto-discovers new/departed hosts)
sudo sondare monitor hosts

# Monitor specific hosts every 10s
sudo sondare monitor hosts --hosts 192.168.1.1 192.168.1.50 -i 10

# Watch for port state changes on a target
sudo sondare monitor ports --target 192.168.1.1:1-1024

# Live packet capture (all traffic)
sudo sondare monitor traffic

# Live capture filtered to DNS
sudo sondare monitor traffic --filter "udp port 53"

# Generate a network graph (saved as sondare_graph.html)
sudo sondare graph

# Graph with OS fingerprinting for each discovered host
sudo sondare graph --fingerprint

# Save to a custom path
sudo sondare graph -o /tmp/my_network.html

Options

arp:
  -t, --timeout     Packet timeout in seconds (default: 5)
  -v, --verbose     Verbose scapy output

ping:
  -t, --timeout     Packet timeout in seconds (default: 5)
  -th, --threads    Number of threads (default: 100)
  -v, --verbose     Verbose scapy output

tcp:
  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
  -t, --timeout     Packet timeout in seconds (default: 3)
  -th, --threads    Number of threads (default: 20)
  -r, --retries     Retries per port on no response (default: 2)
  -v, --verbose     Verbose scapy output

udp:
  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
  -t, --timeout     Packet timeout in seconds (default: 3)
  -th, --threads    Number of threads (default: 20)
  -r, --retries     Retries per port on no response (default: 2)
  -v, --verbose     Verbose scapy output

os:
  --target          Target IP address (required)
  --port            Port to probe; omit to auto-try common ports in parallel
  -t, --timeout     Timeout per probe in seconds (default: 3)
  -v, --verbose     Verbose scapy output

monitor arp:
  -t, --timeout     Timeout for initial ARP seed scan (default: 5)
  -v, --verbose     Verbose scapy output

monitor hosts:
  --hosts           Hosts to monitor; omit to auto-discover via ARP each round
  -i, --interval    Seconds between ping rounds (default: 30)
  -t, --timeout     Ping timeout in seconds (default: 2)
  -th, --threads    Concurrent pings per round (default: 50)
  -v, --verbose     Verbose scapy output

monitor ports:
  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
  -i, --interval    Seconds between scans (default: 60)
  -t, --timeout     Timeout per probe in seconds (default: 3)
  -th, --threads    Concurrent probes per scan (default: 20)
  -v, --verbose     Verbose scapy output

monitor traffic:
  --filter          BPF filter expression (e.g. 'tcp', 'udp port 53', 'host 192.168.1.1')
  -v, --verbose     Verbose scapy output

graph:
  --fingerprint     OS-fingerprint each discovered host (TCP SYN, falls back to ICMP TTL)
  -o, --output      Output file path (default: sondare_graph.html)
  -t, --timeout     ARP scan timeout in seconds (default: 3)
  -th, --threads    Concurrent fingerprint probes (default: 10)
  -v, --verbose     Verbose scapy output

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sondare-1.0.2.tar.gz (31.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sondare-1.0.2-py3-none-any.whl (27.6 kB view details)

Uploaded Python 3

File details

Details for the file sondare-1.0.2.tar.gz.

File metadata

  • Download URL: sondare-1.0.2.tar.gz
  • Upload date:
  • Size: 31.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sondare-1.0.2.tar.gz
Algorithm Hash digest
SHA256 a1291172f61cb45ca6e06388d3bacc9b046f12bd21ed32681004b15c69464ecd
MD5 ab33a05668b39ebbc7c12eb342033286
BLAKE2b-256 d3303e3c03f21df2246bd28e0a30a1a5fff3c9722023adc93c09739e786da502

See more details on using hashes here.

Provenance

The following attestation bundles were made for sondare-1.0.2.tar.gz:

Publisher: publish.yml on w1ldy0uth/sondare

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sondare-1.0.2-py3-none-any.whl.

File metadata

  • Download URL: sondare-1.0.2-py3-none-any.whl
  • Upload date:
  • Size: 27.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sondare-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 3372b52c564e8ec6b698e356e5b56d5b9941becfd0ed11bc672a76c9c556f172
MD5 fa58951e09a1303122c73c666cc96da4
BLAKE2b-256 edb5a6f6f1d64ecdec0c67888b0b6b47e4719d63b96686c77b48a25f367d55f3

See more details on using hashes here.

Provenance

The following attestation bundles were made for sondare-1.0.2-py3-none-any.whl:

Publisher: publish.yml on w1ldy0uth/sondare

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page