Unable to sniff outgoing traffic using raw sockets in python2.7
Ayush Aggarwal
ayush.agg90 at gmail.com
Fri Nov 18 00:29:03 EST 2016
Hello,
Following is my code:
#!/usr/bin/python
import socket
import struct
import binascii

rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
# use 0x0800 for IPv4 packets , 0x0003 is for sniffing all kinds of packets

while True:
    pkt = rawSocket.recvfrom(2048)
    ethernetHeader = pkt[0][0:14]
    pr = unicode(ethernetHeader, errors='replace')
    print pr
    eth_hdr = struct.unpack("!6s6s2s", ethernetHeader)
    print "Source MAC Address :", binascii.hexlify(eth_hdr[1])
    print "Destination MAC Address : ", binascii.hexlify(eth_hdr[0])
    print "Protocol : ", binascii.hexlify(eth_hdr[2])
    ipHeader = pkt[0][14:34]
    ip_hdr = struct.unpack("!12s4s4s", ipHeader)
    print "Source ip ADDRESS : " + socket.inet_ntoa(ip_hdr[1])
    print "Destination IP Address: " + socket.inet_ntoa(ip_hdr[2])
    # initial part of the tcp header
    tcpHeader = pkt[0][34:54]
    tcp_hdr = struct.unpack("!HH16s", tcpHeader)
    print "Source Port ADDRESS : ", tcp_hdr[0]
    print "Destination Port ADDRESS : ", tcp_hdr[1]
Issues:
1. Unable to capture any outgoing IPv4 traffic. I ran the sniff()
method in Scapy and it does capture the outgoing packets.
2. I am NOT USING PROMISCUOUS MODE, still most of the packets I am
receiving have neither my IP nor my MAC in either the source or
destination fields.
3. Captured data is different from the one observed using Scapy or Wireshark.
Request you to kindly clarify these observations.
Thanks and Regards,
Ayush
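
Added example, not part of the original post: a parser for the same Ethernet/IPv4/TCP fields that takes the transport offset from the IPv4 IHL field and checks the protocol byte instead of assuming bytes 34-54 are always a TCP header. It assumes Linux; parse_frame, sniff and the sample frame are constructed for illustration, and sniff opens the socket with 0x0003 (ETH_P_ALL) because Linux hands transmitted frames only to ETH_P_ALL packet sockets.

```python
import binascii
import socket
import struct

ETH_LEN = 14  # Ethernet II header without VLAN tag

def parse_frame(frame):
    """Return a dict for an IPv4 frame, or None if it is not parseable IPv4."""
    if len(frame) < ETH_LEN + 20:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_LEN])
    if ethertype != 0x0800:
        return None
    # Byte 0: version/IHL, bytes 6-7: flags/fragment offset, byte 9: protocol.
    ver_ihl, frag, proto = struct.unpack("!B5xHxB", frame[ETH_LEN:ETH_LEN + 10])
    ihl = (ver_ihl & 0x0F) * 4  # IPv4 header length in bytes (20 to 60)
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < ETH_LEN + ihl:
        return None
    src_ip, dst_ip = struct.unpack("!4s4s", frame[ETH_LEN + 12:ETH_LEN + 20])
    info = {"src_mac": binascii.hexlify(src).decode("ascii"),
            "dst_mac": binascii.hexlify(dst).decode("ascii"),
            "src_ip": socket.inet_ntoa(src_ip),
            "dst_ip": socket.inet_ntoa(dst_ip),
            "proto": proto, "l4_offset": ETH_LEN + ihl}
    l4 = frame[ETH_LEN + ihl:]
    # Ports exist only for TCP (6) / UDP (17) and only in the first fragment.
    if proto in (6, 17) and (frag & 0x1FFF) == 0 and len(l4) >= 4:
        info["src_port"], info["dst_port"] = struct.unpack("!HH", l4[:4])
    return info

def sniff(count=10):
    """Linux, root only. ETH_P_ALL (0x0003) taps sent frames as well as received ones."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    for _ in range(count):
        frame, addr = s.recvfrom(65535)  # addr = (ifname, proto, pkttype, hatype, mac)
        info = parse_frame(frame)
        if info:
            info["iface"], info["outgoing"] = addr[0], addr[2] == 4  # 4 = PACKET_OUTGOING
            print(info)

# Constructed sample: IPv4 header with 4 option bytes (IHL=6), TCP 40000 -> 443.
SAMPLE = (struct.pack("!6s6sH", b"\x02\0\0\0\0\x02", b"\x02\0\0\0\0\x01", 0x0800)
          + struct.pack("!BBHHHBBH4s4s", 0x46, 0, 44, 0, 0, 64, 6, 0,
                        socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
          + b"\x01\x01\x01\x00" + struct.pack("!HH16x", 40000, 443))
FIXED_OFFSET_PORTS = struct.unpack("!HH", SAMPLE[34:38])  # what offset 34 would read
```

On the constructed frame, parse_frame(SAMPLE) reports ports 40000 and 443, while FIXED_OFFSET_PORTS holds the option bytes misread as ports.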