Impacket and packet sniffing

P: 16
Hi All

I have found the simple script that sniffs ICMP packets using Impacket and pcapy. At the moment it is capturing the packet header and data, I was just wondering if anyone knows a way to get it to capture the packet headers only?
  1. #!/usr/bin/python
  2. ### sniffer
  3. import pcapy
  4. from impacket.ImpactDecoder import *
  5.  
  6. def recv_pkts(hdr, data):
  7.     x = EthDecoder().decode(data)
  8.     print x
  9.  
  10. def get_int():
  11.     devs = pcapy.findalldevs()
  12.     i=0
  13.     for eth in devs:
  14.         print " %d - %s" %(i,devs[i])
  15.         i+=1
  16.     sel=int(raw_input(" Select interface: "))  # raw_input + int: input() would eval the typed text
  17.     dev=devs[sel]
  18.     return dev
  19.  
  20. dev = get_int()
  21. p = pcapy.open_live(dev, 1500, 0, 100)
  22. p.setfilter('icmp')
  23. print "Listening on eth: net=%s, mask=%s\n" % (p.getnet(), p.getmask())
  24. p.loop(-1, recv_pkts) 
Thanks
Aug 1 '07 #1
3 Replies


bartonc
Expert 5K+
P: 6,596
I think I see what's going on here:
On line 24, the loop() function gets the recv_pkts() function (defined on line 6) as its second argument. That makes the (hdr, data) arguments required. All you have to do is not use the data in YOUR recv_pkts() function:
def recv_pkts(hdr, data):
    ##  x = EthDecoder().decode(data)
    print hdr
Aug 1 '07 #2

P: 16
Hi, Thanks for the reply, I have done as suggested and it does now appear to only be reading the headers, however they are in the format as shown below and not printing the actual header data, any ideas why?

C:\scripts>python tcp.py
0 - \Device\NPF_GenericDialupAdapter
1 - \Device\NPF_{60B0D7E9-10AC-46F6-8528-A40D066DFF72}
2 - \Device\NPF_{62E01695-B732-41F6-9F22-A9B92D20E3F2}
3 - \Device\NPF_{0650A74D-212C-4E76-89A1-E4D4F18EA3DE}
Select interface: 2
Listening on eth: net=80.42.47.246, mask=255.255.255.255

<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>
<Pkthdr object at 0x00B1A530>

Many Thanks
Aug 2 '07 #3

P: 16
I've been playing around with this a bit more and it looks like it isn't just picking up the headers but is displaying an error for each packet received. I've tried to modify the code as below

def recv_pkts(hdr, data):
    x = IPDecoder(hdr)
    print x

But getting the following error

Traceback (most recent call last):
  File "tcp.py", line 25, in <module>
    p.loop(-1, recv_pkts)
  File "tcp.py", line 8, in recv_pkts
    x = IPDecoder(hdr)
TypeError: __init__() takes exactly 1 argument (2 given)

Anyone got any ideas?

Thanks
Aug 5 '07 #4
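
Added example, not part of the original thread: the `hdr` that pcapy passes to the callback is capture metadata (timestamp, captured length, wire length), so the Ethernet/IP/ICMP headers still have to be decoded from `data`, keeping the header fields and discarding the payload. The Python 3 sketch below does this with the standard library only, on a constructed ICMP echo-request frame; `parse_headers`, `mac` and `SAMPLE_FRAME` are names invented for this illustration.

```python
import socket
import struct

# Constructed sample frame: Ethernet + IPv4 + ICMP echo request + 8-byte payload.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"          # dst MAC, src MAC, EtherType IPv4
    "4500" "0024" "0001" "0000" "40" "01" "0000"  # ver/IHL, total len 36, TTL 64, proto 1, cksum unset
    "c0a80001" "c0a80002"                         # 192.168.0.1 -> 192.168.0.2
    "08" "00" "0000" "0001" "0001"                # ICMP type 8, code 0, cksum unset, id 1, seq 1
    "6162636465666768"                            # payload "abcdefgh" (never returned below)
)

def mac(raw):
    return ":".join("%02x" % octet for octet in raw)

def parse_headers(data):
    """Return Ethernet/IPv4/ICMP header fields from a raw frame; payload bytes are not returned."""
    if len(data) < 14:
        raise ValueError("truncated Ethernet header")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", data[:14])
    out = {"eth_src": mac(eth_src), "eth_dst": mac(eth_dst), "ethertype": ethertype}
    if ethertype != 0x0800:          # not IPv4: report the link-layer header only
        return out
    if len(data) < 34:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[14:34])
    ihl = (ver_ihl & 0x0F) * 4       # IPv4 header length in bytes (options make it > 20)
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("bad IPv4 version/IHL")
    out.update(ip_src=socket.inet_ntoa(src), ip_dst=socket.inet_ntoa(dst),
               ttl=ttl, proto=proto, ip_total_len=total_len)
    if proto == 1:                   # ICMP, the traffic the thread's filter selects
        off = 14 + ihl
        if len(data) < off + 8:
            raise ValueError("truncated ICMP header")
        icmp_type, code, _ck, ident, seq = struct.unpack("!BBHHH", data[off:off + 8])
        # id/seq are only meaningful for echo request/reply messages
        out.update(icmp_type=icmp_type, icmp_code=code, icmp_id=ident, icmp_seq=seq,
                   payload_len=total_len - ihl - 8)
    return out

def recv_pkts(hdr, data):
    # Same signature as the thread's callback; getts/getlen/getcaplen are pcapy Pkthdr methods.
    print(hdr.getts(), hdr.getlen(), hdr.getcaplen(), parse_headers(data))

if __name__ == "__main__":
    print(parse_headers(SAMPLE_FRAME))
```

The second argument of `pcapy.open_live(dev, 1500, 0, 100)` is the snapshot length: lowering it from 1500 to 42 (14 + 20 + 8 bytes) makes the capture itself stop after these headers for ICMP over IPv4 without options, and `parse_headers` gives the same result on the shortened frame.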
