from scapy.all import *
 
def syn():
 scrIP = '192.168.10.29'
 srcPort = 23345
 desIP = '12.39.27.23'
 desPort = 8000
 
 ip = IP(src=scrIP, dst=desIP)
 tcp = TCP(sport=srcPort, dport=desPort, seq=13131342, flags='S')
 pkg = ip/tcp
 
 # c->s syn
 res = sr1(pkg)
 res.display()

import nmap
nm=nmap.PortScanner()
nm.scan('xxx.xxx.xxx.xxx','xx') # ip地址和端口，端口不填也可以
a=nm['xxx.xxx.xxx.xxx'] #返回主機的詳細信息
print(a)
##################################
{'status': {'state': 'up', 'reason': 'arp-response'}, 
'hostnames': [{'type': 'PTR', 'name': 'bogon'}], 
'vendor': {'00:0C:29:F6:2B:F0': 'VMware'}, 
'addresses': {'mac': '00:0C:29:F6:2B:F0', 'ipv4': 'xxx.xxx.xxx.xxx'}, 
'tcp': {111: {'product': 'Microsoft Windows 7 - 10 microsoft-ds', 'state': 'open', 'version': '', 'name': 'microsoft-ds', 'conf': '10', 'extrainfo': 'workgroup: WORKGROUP', 'reason': 'syn-ack', 'cpe': 'cpe:/o:microsoft:windows'}}}

def output_cmd(command):
 r = os.popen(command)
 content = r.read()
 r.close()
 return content


def arp_command(ip_address):
 ping_cmd = "ping " + ip_address + " -n 2 "
 result = output_cmd(ping_cmd)
 find_ttl = result.find("TTL")
 if find_ttl != -1:
  arp_cmd = "arp -a %s" % ip_address
  arp_result = output_cmd(arp_cmd)
  ip2 = ip_address + " [ ]+([\w-]+)"
  ip2_mac = re.findall(ip2, arp_result)
  if len(ip2_mac):
   return ip2_mac[0]
  else:
   return 0
 else:
  result = u'無人使用的ip'
 return result

from scapy.all import *

arp_pkt = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip)
res = srp1(arp_pkt, timeout=1, verbose=0)
print {"localIP": res.psrc, "mac": res.hwsrc}

[root@oradb ~]# python
Python 2.7.5 (default, Aug 4 2017, 00:39:18) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import arpreq
>>> arpreq.arpreq('192.168.xx.xxx')
'xx:xx:xx:xx:xx:xx'

from macpy import Mac

mac = Mac()
information = mac.search(00-11-F1-01-01)
print information