Impacket and packet sniffing

16
Hi All

I have found the simple script that sniffs ICMP packets using Impacket and pcapy. At the moment it is capturing the packet header and data, I was just wondering if anyone knows a way to get it to capture the packet headers only?
  1. #!/usr/bin/python
  2. ### sniffer
  3. import pcapy
  4. from impacket.ImpactDecoder import *
  5.  
  6. def recv_pkts(hdr, data):
  7.     x = EthDecoder().decode(data)
  8.     print x
  9.  
  10. def get_int():
  11.     devs = pcapy.findalldevs()
  12.     i=0
  13.     for eth in devs:
  14.         print " %d - %s" %(i,devs[i])
  15.         i+=1
  16.     sel=input(" Select interface: ")
  17.     dev=devs[sel]
  18.     return dev
  19.  
  20. dev = get_int()
  21. p = pcapy.open_live(dev, 1500, 0, 100)
  22. p.setfilter('icmp')
  23. print "Listening on eth: net=%s, mask=%s\n" % (p.getnet(), p.getmask())
  24. p.loop(-1, recv_pkts) 
Thanks
Aug 1 '07 #1
bartonc
6,596 Expert 4TB
I think I see what's going on here:
On line 24, the loop() function gets the recv_pkts() function (defined on line 6) as its second argument. That makes the (hdr, data) arguments required. All you have to do is not use the data in YOUR recv_pkts() function:
    def recv_pkts(hdr, data):
        ##  x = EthDecoder().decode(data)
        print hdr
Aug 1 '07 #2
T00l
16
Hi, Thanks for the reply, I have done as suggested and it does now appear to only be reading the headers, however they are in the format as shown below and not printing the actual header data, any ideas why?

C:\scripts>python tcp.py
0 - \Device\NPF_GenericDialupAdapter
1 - \Device\NPF_{60B0D7E9-10AC-46F6-8528-A40D066DFF72}
2 - \Device\NPF_{62E01695-B732-41F6-9F22-A9B92D20E3F2}
3 - \Device\NPF_{0650A74D-212C-4E76-89A1-E4D4F18EA3DE}
Select interface: 2
Listening on eth: net=80.42.47.246, mask=255.255.255.255

<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>

Many Thanks
Aug 2 '07 #3
T00l
16
I've been playing around with this a bit more and it looks like it isn't just picking up the headers but is displaying an error for each packet received. I've tried to modify the code as below

    def recv_pkts(hdr, data):
        x = IPDecoder(hdr)
        print x

But getting the following error

    Traceback (most recent call last):
      File "tcp.py", line 25, in <module>
        p.loop(-1, recv_pkts)
      File "tcp.py", line 8, in recv_pkts
        x = IPDecoder(hdr)
    TypeError: __init__() takes exactly 1 argument (2 given)

Anyone got any ideas?

Thanks
Aug 5 '07 #4
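
An added example, not part of any post in this thread: the `hdr` passed to the callback is pcapy's `Pkthdr` capture record (read with `getts()`, `getcaplen()`, `getlen()`), while the protocol headers are the first bytes of `data`, so "headers only" means decoding those bytes and passing a small snaplen to `open_live` in place of 1500. It is Python 3 and uses `struct` instead of Impacket so it runs without either library; `FakePkthdr`, `SAMPLE_FRAME` and the helper names are constructed for the illustration.

```python
import socket
import struct

ETH_LEN, ICMP_LEN = 14, 8
SNAPLEN = ETH_LEN + 60 + ICMP_LEN  # 60 = largest IPv4 header; use in place of 1500

def mac(b):
    return ":".join("%02x" % x for x in b)

def parse_headers(data):
    """Decode Ethernet/IPv4/ICMP header fields only; the payload is never read."""
    if len(data) < ETH_LEN:
        return None
    dst, src, etype = struct.unpack("!6s6sH", data[:ETH_LEN])
    out = {"eth_src": mac(src), "eth_dst": mac(dst), "ethertype": etype}
    if etype != 0x0800 or len(data) < ETH_LEN + 20:
        return out  # not IPv4, or the capture was cut short inside the IP header
    (ver_ihl, _, total, _, _, ttl, proto, _, s, d) = struct.unpack(
        "!BBHHHBBH4s4s", data[ETH_LEN:ETH_LEN + 20])
    ihl = (ver_ihl & 0x0F) * 4  # IP header length in bytes, options included
    out.update(ip_src=socket.inet_ntoa(s), ip_dst=socket.inet_ntoa(d),
               ttl=ttl, proto=proto, ip_total_len=total)
    off = ETH_LEN + ihl
    if proto == 1 and ihl >= 20 and len(data) >= off + ICMP_LEN:
        # id/seq are only meaningful for echo request/reply messages
        t, code, _, ident, seq = struct.unpack("!BBHHH", data[off:off + ICMP_LEN])
        out.update(icmp_type=t, icmp_code=code, icmp_id=ident, icmp_seq=seq)
    return out

def recv_pkts(hdr, data):
    """Same signature as the pcapy loop() callback in the thread."""
    sec, usec = hdr.getts()
    info = parse_headers(data) or {}
    info.update(ts=sec + usec / 1e6, caplen=hdr.getcaplen(), wire_len=hdr.getlen())
    return info

class FakePkthdr:  # constructed stand-in for pcapy's Pkthdr
    def __init__(self, ts, caplen, length):
        self.ts, self.caplen, self.length = ts, caplen, length
    def getts(self): return self.ts
    def getcaplen(self): return self.caplen
    def getlen(self): return self.length

# Constructed ICMP echo request: 42 header bytes followed by a 32-byte payload.
SAMPLE_FRAME = (bytes.fromhex("00112233445566778899aabb0800")
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 1, 0, 64, 1, 0,
                  socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
    + struct.pack("!BBHHH", 8, 0, 0, 0x1234, 7) + b"A" * 32)

def demo():
    cut = SAMPLE_FRAME[:42]  # what a 42-byte snaplen would hand to the callback
    return recv_pkts(FakePkthdr((1186000000, 500000), len(cut), len(SAMPLE_FRAME)), cut)
```
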
