Sathish Bowatta

Reputation: 151

How to capture tcp request packets?

I am trying to capture TCP request (inbound) packets. As described in the Black Hat Python book, this is the sniffer code, but this sniffer does not capture TCP request packets. I need to capture from a Windows running environment.

import os
import socket
import struct
from ctypes import Structure, c_ubyte, c_ushort, c_uint32

# IP of the interface to sniff on (the asker's value is not shown; this picks the host's primary address)
host = socket.gethostbyname(socket.gethostname())

class IP(Structure):
    _fields_ = [
        # note: on little-endian hosts ctypes assigns the first bit-field to the low bits,
        # so these two 4-bit fields read swapped (version=5, ihl=4 for a 0x45 byte)
        ("version", c_ubyte, 4),
        ("ihl", c_ubyte, 4),
        ("tos", c_ubyte),
        ("len", c_ushort),
        ("id", c_ushort),
        ("offset", c_ushort),
        ("ttl", c_ubyte),
        ("protocol_num", c_ubyte),
        ("sum", c_ushort),
        ("src", c_uint32),
        ("dst", c_uint32)
    ]

    def __new__(self, socket_buffer=None):
        # build the structure directly from the first 20 bytes of the raw packet
        return self.from_buffer_copy(socket_buffer)

    def __init__(self, socket_buffer=None):

        # map protocol constants to their names
        self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}

        # addresses are stored in network byte order; pack them back to 4 bytes for inet_ntoa
        self.src_address = socket.inet_ntoa(struct.pack("@I", self.src))
        self.dst_address = socket.inet_ntoa(struct.pack("@I", self.dst))

        # human readable protocol
        try:
            self.protocol = self.protocol_map[self.protocol_num]
        except KeyError:
            self.protocol = str(self.protocol_num)

# Windows lets a raw IP socket see every protocol; Linux needs one socket per protocol
if os.name == "nt":
    socket_protocol = socket.IPPROTO_IP
else:
    socket_protocol = socket.IPPROTO_ICMP

sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)

sniffer.bind((host, 0))
# include the IP header in captured packets
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

# to set up promiscuous mode
if os.name == "nt":
    sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

try:
    while True:
        # read in a packet
        raw_buffer = sniffer.recvfrom(65565)[0]

        # create an IP header from the first 20 bytes of the buffer
        ip_header = IP(raw_buffer[0:20])

        # print out the protocol that was detected and the hosts
        print("Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address))

except KeyboardInterrupt:
    # if we're using Windows, turn off promiscuous mode
    if os.name == "nt":
        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)

Upvotes: 2

Views: 1855
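The sniffer above decodes only the IP header. As an added example (not code from the question, the answer, or the Black Hat Python book), the parser below continues into the TCP header of the same raw buffer and flags an inbound SYN, i.e. a new TCP request; it runs on a constructed packet so it works offline without a raw socket. Addresses and ports are made-up values.

```python
import socket
import struct

# Constructed sample (made-up addresses/ports): a 20-byte IPv4 header followed
# by a 20-byte TCP header, i.e. what recvfrom() on the sniffer above returns
# for an inbound TCP SYN (IP_HDRINCL means byte 0 is the version/IHL byte).
SAMPLE = struct.pack(
    "!BBHHHBBH4s4s",
    0x45,                         # version 4, IHL 5 (20 bytes, no options)
    0, 40,                        # TOS, total length = 20 IP + 20 TCP
    0x1234, 0x4000,               # id, flags/fragment offset (DF set)
    64, socket.IPPROTO_TCP, 0,    # TTL, protocol 6, checksum (not verified)
    socket.inet_aton("10.0.0.5"), # src (constructed)
    socket.inet_aton("10.0.0.9"), # dst (constructed)
) + struct.pack(
    "!HHIIBBHHH",
    40000, 443,                   # source port, destination port
    1000, 0,                      # sequence, acknowledgement
    5 << 4, 0x02,                 # data offset 5 (20 bytes), flags: SYN only
    65535, 0, 0,                  # window, checksum (not verified), urgent ptr
)

PROTOCOL_MAP = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))

def parse_packet(buf):
    """Decode the IP header and, for protocol 6, the TCP header after it.
    Plain indexing replaces ctypes bit-fields: on little-endian hosts ctypes
    puts the first bit-field in the low bits, swapping version and ihl."""
    ihl = (buf[0] & 0x0F) * 4                 # IP header length in bytes
    proto = buf[9]
    info = {"protocol": PROTOCOL_MAP.get(proto, str(proto)),
            "src": socket.inet_ntoa(buf[12:16]),
            "dst": socket.inet_ntoa(buf[16:20])}
    if proto == socket.IPPROTO_TCP:
        sport, dport, seq, _ack, _off, flags = struct.unpack(
            "!HHIIBB", buf[ihl:ihl + 14])
        info.update(sport=sport, dport=dport, seq=seq,
                    flags=[name for name, bit in TCP_FLAGS if flags & bit],
                    # SYN without ACK is the opening packet of a request
                    is_request=(flags & 0x12) == 0x02)
    return info

def is_inbound_request(buf, local_ip):
    """True when buf is a TCP SYN addressed to local_ip (a new inbound request)."""
    info = parse_packet(buf)
    return (info["protocol"] == "TCP" and info["dst"] == local_ip
            and info["is_request"])
```

In the sniffer loop, `parse_packet(raw_buffer)` replaces `IP(raw_buffer[0:20])` and gives the TCP ports and flags alongside the addresses.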

Answers (1)

user862787

Reputation:

I used Wireshark. It captures all incoming and outgoing packets, but the Python script only captures outgoing packets.

Wireshark uses libpcap/WinPcap, which uses the OS's packet capture mechanism (libpcap) or a mechanism provided by a driver that's part of WinPcap (WinPcap) to capture packets.

That's not the mechanism that you're using. Given that your code is in Python, you might want to look at using Scapy.

Upvotes: 2
