python: using raw socket with OSX

Question

I found this code online and found that it doesn't work on OSX. Does anyone know the correct method without using a third party library?

import socket
import struct
import binascii
rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
while True:
    packet = rawSocket.recvfrom(2048)
    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack(“!6s6s2s”, ethernet_header)
    arp_header = packet[0][14:42]
    arp_detailed = struct.unpack(“2s2s1s1s2s6s4s6s4s”, arp_header)
    # skip non-ARP packets
    ethertype = ethernet_detailed[2]
    if ethertype != ‘\x08\x06’:
        continue
    source_mac = binascii.hexlify(arp_detailed[5])
    dest_ip = socket.inet_ntoa(arp_detailed[8])
    if source_mac == ‘74c24671971c’:
        print “Tide button pressed!, IP = “ + dest_ip

apparantly OSX does not have AF_PACKET or PF_PACKET and AF_INET is too high level for this I think, or at the very least requires more recoding than a drop in replacement.

Thanks

Answer 1

ok I figured this one out, on a mac I have to use pcap library. Here is the code I came up with.

#!/usr/bin/env python2.7

import sys, binascii, subprocess
import dpkt, pcap, socket

cottonelle = 'f0272d8b52c0'

def main():
    name = pcap.lookupdev()
    try:
        pc = pcap.pcap(name)
    except:
        print pc.geterr()

    try:
        print 'listening on %s' % (pc.name)
        for ts, pkt in pc:
            eth = dpkt.ethernet.Ethernet(pkt)
            ip_hdr = eth.data
            if eth.type != dpkt.ethernet.ETH_TYPE_ARP:
                continue
            if binascii.hexlify(eth.src) == cottonelle:
                subprocess.call("/usr/local/bin/stopsim", shell=True)
    except Exception as e:
        print e, pc.geterr()

if __name__ == '__main__':
    main()