difference between 2 files and get the changes - python

I have 2 files: the 1st one is the original data and the 2nd one is after some modification (e.g. network/storage level). So I want to compare the 1st file with the new one and create a file with the newly added / modified lines.
For example:
file1 - original file
Route table:
Route table:
10.208.85.0/26 dev eth3 proto kernel scope link src 10.1.108.12
148.89.140.0/22 via 192.168.10.1 dev eth0
148.89.168.0/21 via 192.168.10.1 dev eth0
151.87.44.0/23 via 192.168.10.1 dev eth0
151.87.46.0/23 via 192.168.10.1 dev eth0
192.55.16.128/28 via 192.168.10.1 dev eth0
192.55.28.32/27 via 192.168.10.1 dev eth0
192.55.28.64/28 via 192.168.10.1 dev eth0
192.55.192.96/27 via 192.168.10.1 dev eth0
192.60.136.0/22 via 192.168.10.1 dev eth0
192.62.212.64/26 via 192.168.10.1 dev eth0
Disks:
Disk /dev/sda: 96 GiB, 103079215104 bytes, 201326592 sectors
/dev/sda1 * 2048 1060863 1058816 517M 83 Linux
/dev/sda2 1060864 201326591 200265728 95.5G 8e Linux LVM
file2 - Modified
Route table:
10.208.85.0/26 dev eth3 proto kernel scope link src 10.1.108.12
10.123.17.64/26 via 10.1.208.1 dev eth2
148.89.140.0/22 via 192.168.10.1 dev eth0
148.89.168.0/21 via 192.168.10.1 dev eth0
151.87.44.0/23 via 192.168.10.1 dev eth0
151.87.46.0/23 via 192.168.10.1 dev eth0
192.55.16.128/28 via 192.168.10.1 dev eth0
192.55.28.32/27 via 192.168.10.1 dev eth0
192.55.28.64/28 via 192.168.10.1 dev eth0
192.55.192.96/27 via 192.168.10.1 dev eth0
192.60.136.0/22 via 192.168.10.1 dev eth0
192.62.212.64/26 via 192.168.10.1 dev eth0
Disks:
Disk /dev/sda: 128 GiB, 137438953472 bytes, 201326592 sectors
/dev/sda1 * 2048 1060863 1058816 517M 83 Linux
/dev/sda2 1060864 201326591 200265728 95.5G 8e Linux LVM
I am looking for an output something like this (another file):
Added : 10.123.17.64/26 via 10.1.208.1 dev eth2
Modified : Disk /dev/sda: 128 GiB, 137438953472 bytes, 201326592 sectors
Please help

As a starting point, you can use difflib:
from difflib import Differ

# Parenthesized multi-item "with" needs Python 3.10+
with (open('file1.txt') as file_1,
      open('file2.txt') as file_2):
    differ = Differ()
    for line in differ.compare(file_1.readlines(), file_2.readlines()):
        # '+' = only in file2, '-' = only in file1, '?' = intraline change hint
        if line[0] in list('+-?'):
            print(line.strip())
Output:
+ 10.123.17.64/26 via 10.1.208.1 dev eth2
- Disk /dev/sda: 96 GiB, 103079215104 bytes, 201326592 sectors
? ^^ - - -----
+ Disk /dev/sda: 128 GiB, 137438953472 bytes, 201326592 sectors
? ^^^ +++ ++++
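Going one step past the Differ starting point, the sketch below labels each change the way the question asks (Added / Modified, plus Removed) by walking difflib.SequenceMatcher opcodes, which is a convenient shape for spotting route-table or disk drift against a baseline. It is an added example, not code from either answer; classify_changes, report and the shortened OLD/NEW samples are names and data constructed here.

```python
from difflib import SequenceMatcher

# Constructed sample: a shortened copy of file1 / file2 from the question.
OLD = """\
Route table:
10.208.85.0/26 dev eth3 proto kernel scope link src 10.1.108.12
148.89.140.0/22 via 192.168.10.1 dev eth0
148.89.168.0/21 via 192.168.10.1 dev eth0
Disks:
Disk /dev/sda: 96 GiB, 103079215104 bytes, 201326592 sectors
/dev/sda1 * 2048 1060863 1058816 517M 83 Linux
/dev/sda2 1060864 201326591 200265728 95.5G 8e Linux LVM
""".splitlines()

NEW = """\
Route table:
10.208.85.0/26 dev eth3 proto kernel scope link src 10.1.108.12
10.123.17.64/26 via 10.1.208.1 dev eth2
148.89.140.0/22 via 192.168.10.1 dev eth0
148.89.168.0/21 via 192.168.10.1 dev eth0
Disks:
Disk /dev/sda: 128 GiB, 137438953472 bytes, 201326592 sectors
/dev/sda1 * 2048 1060863 1058816 517M 83 Linux
/dev/sda2 1060864 201326591 200265728 95.5G 8e Linux LVM
""".splitlines()


def classify_changes(old_lines, new_lines):
    """Return (label, line) tuples, label in Added / Removed / Modified."""
    changes = []
    # autojunk=False: never treat frequently repeated lines as noise.
    matcher = SequenceMatcher(a=old_lines, b=new_lines, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        old_block, new_block = old_lines[i1:i2], new_lines[j1:j2]
        if tag == "insert":
            changes += [("Added", line) for line in new_block]
        elif tag == "delete":
            changes += [("Removed", line) for line in old_block]
        elif tag == "replace":
            # Pair lines positionally; leftovers are plain adds or removals.
            paired = min(len(old_block), len(new_block))
            changes += [("Modified", line) for line in new_block[:paired]]
            changes += [("Added", line) for line in new_block[paired:]]
            changes += [("Removed", line) for line in old_block[paired:]]
    return changes


def report(old_lines, new_lines):
    """Format the changes as the 'Added : ...' lines the question wants."""
    return ["%s : %s" % change for change in classify_changes(old_lines, new_lines)]


if __name__ == "__main__":
    print("\n".join(report(OLD, NEW)))
```

Write the list returned by report() to a file to get the output file the question describes.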

In Linux you can use diff to compare files line by line.
Let us consider the 2 example files provided in your question.
The Command:
diff /tmp/file1.txt /tmp/file2.txt
The Output:
2a3
> 10.123.17.64/26 via 10.1.208.1 dev eth2
15c16
< Disk /dev/sda: 96 GiB, 103079215104 bytes, 201326592 sectors
---
> Disk /dev/sda: 128 GiB, 137438953472 bytes, 201326592 sectors
The Command to generate the desired output:
diff /tmp/file1.txt /tmp/file2.txt | sed -e ':begin;$!N;s/---\n>/Modified: /;tbegin' -e 's/>/Added: /g' | egrep 'Added|Modified'
The Desired Output:
Added: 10.123.17.64/26 via 10.1.208.1 dev eth2
Modified: Disk /dev/sda: 128 GiB, 137438953472 bytes, 201326592 sectors


Is it possible to emulate a NIC with software?

Introduction
I'm trying to emulate a NIC using software (Python). To do so, I'm responding to ARP and ICMP packages. Is that even possible?
Environment
I'm using Kali (2021.3) within VMWare (bridge NIC), python (3.9.7) and scapy (2.4.5).
eth0 interface:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.176.139 netmask 255.255.255.0 broadcast 192.168.176.255
inet6 fe80::20c:29ff:fee3:84e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:e3:08:4e txqueuelen 1000 (Ethernet)
RX packets 14614 bytes 19043293 (18.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2504 bytes 259386 (253.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
What I've tried
First started just by simply responding to ARP requests:
from scapy.all import *

# Your network broadcast address
broadcastNet = "192.168.176.255"
macDict = { "192.168.176.182" : "60:01:94:98:97:c6",
            "192.168.176.183" : "68:c6:3a:a7:d3:40"}
# Use MAC address of this machine as source. If not eth0, change this:
myMAC = get_if_hwaddr('eth0')

def handle_arp(packet):
    who_has = 1
    is_at = 2
    if packet[ARP].op == who_has:
        print(packet.summary())
        if packet.pdst in macDict:
            print("Sending ARP response for " + packet.pdst)
            reply = ARP(op=is_at, hwsrc=macDict[packet.pdst], psrc=packet.pdst, hwdst="ff:ff:ff:ff:ff:ff", pdst=broadcastNet)
            go = Ether(dst="ff:ff:ff:ff:ff:ff", src=myMAC) / reply
            print(go.summary())
            sendp(go)
    return

def handle_icmp(packet):
    print(packet)
    return

# Sniff for packets.
sniff(filter="arp",prn=handle_arp)
Used ping -c 1 192.168.176.183 to force an ARP, used Wireshark and the ARP reply fired successfully.
However if I list my arp table it stands as incomplete:
arp -a
? (192.168.176.183) at <incomplete> on eth0
? (192.168.176.2) at 00:50:56:e6:c2:47 [ether] on eth0
? (192.168.176.254) at 00:50:56:ea:77:59 [ether] on eth0
At this point thought of using the same MAC address of eth0 changing the macDict in the script:
macDict = { "192.168.176.182" : "00:0c:29:e3:08:4e",
"192.168.176.183" : "00:0c:29:e3:08:4e"}
However my arp table wasn't updated at all.
Finally tried creating a link interface:
sudo ip link add link eth0 address 56:8A:C0:DD:EE:FA eth0.1 type dummy
sudo ifconfig eth0.1 up
sudo ifconfig eth0.1
eth0.1: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
inet6 fe80::548a:c0ff:fedd:eefa prefixlen 64 scopeid 0x20<link>
ether 56:8a:c0:dd:ee:fa txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 420 (420.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
This last approach didn't work either.

paramiko: RTNETLINK answers: No such file or directory

Here's the Python code:
import os
import paramiko
import sys

def get_private_key():
    # or choose the location and the private key file on your client
    private_key_file = os.path.expanduser("/home/ubuntu/.ssh/id_rsa")
    return paramiko.RSAKey.from_private_key_file(private_key_file, password='')

def get_ssh(myusername, myhostname, myport):
    ssh = paramiko.SSHClient()
    ssh.load_system_host_keys()
    # AutoAddPolicy trusts any host key that is not already known;
    # paramiko.RejectPolicy refuses such hosts instead.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    #ssh.connect(myhostname, username=myusername, port=myport, pkey = private_key)
    ssh.connect(myhostname, username=myusername, port=myport)
    return ssh

def block_exec(ssh, command):
    stdin, stdout, stderr = ssh.exec_command(command)
    exit_status = stdout.channel.recv_exit_status()
    print command, exit_status
    print "stderr is %s" % stderr
    return

def clear_bw_config2(ssh, interface):
    block_exec(ssh, "sudo tc qdisc del dev %s root" % interface)
    block_exec(ssh, "sudo tc qdisc del dev %s ingress" % interface)
    block_exec(ssh, "sudo tc class del dev %s root" % interface)
    block_exec(ssh, "sudo tc filter del dev %s root" % interface)

def exec_bw_config2(ssh, interface, bandwidth, ip, subnetmasklength, delay):
    clear_bw_config2(ssh, interface)
    # create a qdisc (queuing discipline), 12 is default class
    cmd1 = "sudo tc qdisc add dev %s root handle 1: htb default 12" % interface
    print cmd1
    block_exec(ssh, cmd1)
    # define the performance for default class
    cmd2 = "sudo tc class add dev %s parent 1: classid 1:1 htb rate %dmbps ceil %dmbps" % (interface, bandwidth, 2*bandwidth )
    print cmd2
    block_exec(ssh, cmd2)
    filter_cmd = "sudo tc filter add dev %s protocol ip parent 1:0 prio 1 u32 match ip dst %s/%d flowid 1:1" % (interface, ip, subnetmasklength)
    print filter_cmd
    block_exec(ssh, filter_cmd)
    #delay_cmd = "sudo tc qdisc add dev eth0 parent 1: handle 1: netem delay %dms" %(delay)
    delay_cmd="sudo tc qdisc add dev eth0 root netem %dms" %delay
    print delay_cmd
    block_exec(ssh, delay_cmd)

def main():
    myhosts = ["10.0.1.192", "10.0.1.191", "10.0.1.190"]
    username="ubuntu"
    port=22
    #key = get_private_key()
    for host in myhosts:
        ssh = get_ssh(username, host, port)
        clear_bw_config2(ssh, "eth0")
        del_cmd="sudo tc qdisc del dev eth0 root"
        block_exec(ssh, del_cmd)
        exec_bw_config2(ssh, "eth0", int(sys.argv[1]) , "10.0.1.0", 24, int(sys.argv[2]))
    # iterate over hosts here
    # for everyhost,
    # 1. create ssh connection
    # 2. run the exec_bw_config with params
    return

if __name__ == '__main__':
    main()
I am running the script like this:
python network_controller_vm.py 100 10
And here's the errors I receive:
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 ingress 2
RTNETLINK answers: No such file or directory
sudo tc class del dev eth0 root 2
RTNETLINK answers: Invalid argument
sudo tc filter del dev eth0 root 2
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 ingress 2
RTNETLINK answers: No such file or directory
sudo tc class del dev eth0 root 2
RTNETLINK answers: Invalid argument
sudo tc filter del dev eth0 root 2
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
sudo tc qdisc add dev eth0 root handle 1: htb default 12
sudo tc qdisc add dev eth0 root handle 1: htb default 12 0
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbps ceil 200mbps
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbps ceil 200mbps 0
sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.0.1.0/24 flowid 1:1
sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.0.1.0/24 flowid 1:1 0
sudo tc qdisc add dev eth0 root netem 10ms
sudo tc qdisc add dev eth0 root netem 10ms 1
What is "10ms"?
Usage: ... netem [ limit PACKETS ]
[ delay TIME [ JITTER [CORRELATION]]]
[ distribution {uniform|normal|pareto|paretonormal} ]
[ corrupt PERCENT [CORRELATION]]
[ duplicate PERCENT [CORRELATION]]
[ loss random PERCENT [CORRELATION]]
[ loss state P13 [P31 [P32 [P23 P14]]]
[ loss gemodel PERCENT [R [1-H [1-K]]]
[ ecn ]
[ reorder PRECENT [CORRELATION] [ gap DISTANCE ]]
[ rate RATE [PACKETOVERHEAD] [CELLSIZE] [CELLOVERHEAD]]
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 ingress 2
RTNETLINK answers: No such file or directory
sudo tc class del dev eth0 root 2
RTNETLINK answers: Invalid argument
sudo tc filter del dev eth0 root 2
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 ingress 2
RTNETLINK answers: No such file or directory
sudo tc class del dev eth0 root 2
RTNETLINK answers: Invalid argument
sudo tc filter del dev eth0 root 2
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
sudo tc qdisc add dev eth0 root handle 1: htb default 12
sudo tc qdisc add dev eth0 root handle 1: htb default 12 0
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbps ceil 200mbps
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbps ceil 200mbps 0
sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.0.1.0/24 flowid 1:1
sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.0.1.0/24 flowid 1:1 0
sudo tc qdisc add dev eth0 root netem 10ms
sudo tc qdisc add dev eth0 root netem 10ms 1
What is "10ms"?
Usage: ... netem [ limit PACKETS ]
[ delay TIME [ JITTER [CORRELATION]]]
[ distribution {uniform|normal|pareto|paretonormal} ]
[ corrupt PERCENT [CORRELATION]]
[ duplicate PERCENT [CORRELATION]]
[ loss random PERCENT [CORRELATION]]
[ loss state P13 [P31 [P32 [P23 P14]]]
[ loss gemodel PERCENT [R [1-H [1-K]]]
[ ecn ]
[ reorder PRECENT [CORRELATION] [ gap DISTANCE ]]
[ rate RATE [PACKETOVERHEAD] [CELLSIZE] [CELLOVERHEAD]]
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 ingress 2
RTNETLINK answers: No such file or directory
sudo tc class del dev eth0 root 2
RTNETLINK answers: Invalid argument
sudo tc filter del dev eth0 root 2
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 root 2
RTNETLINK answers: No such file or directory
sudo tc qdisc del dev eth0 ingress 2
RTNETLINK answers: No such file or directory
sudo tc class del dev eth0 root 2
RTNETLINK answers: Invalid argument
sudo tc filter del dev eth0 root 2
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
sudo tc qdisc add dev eth0 root handle 1: htb default 12
sudo tc qdisc add dev eth0 root handle 1: htb default 12 0
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbps ceil 200mbps
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbps ceil 200mbps 0
sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.0.1.0/24 flowid 1:1
sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.0.1.0/24 flowid 1:1 0
sudo tc qdisc add dev eth0 root netem 10ms
sudo tc qdisc add dev eth0 root netem 10ms 1
What is "10ms"?
Usage: ... netem [ limit PACKETS ]
[ delay TIME [ JITTER [CORRELATION]]]
[ distribution {uniform|normal|pareto|paretonormal} ]
[ corrupt PERCENT [CORRELATION]]
[ duplicate PERCENT [CORRELATION]]
[ loss random PERCENT [CORRELATION]]
[ loss state P13 [P31 [P32 [P23 P14]]]
[ loss gemodel PERCENT [R [1-H [1-K]]]
[ ecn ]
[ reorder PRECENT [CORRELATION] [ gap DISTANCE ]]
[ rate RATE [PACKETOVERHEAD] [CELLSIZE] [CELLOVERHEAD]]

How to split /etc/network/interfaces using a regex in Python

I'm trying to break the /etc/network/interfaces file format on Ubuntu to the individual stanzas (as the man page calls them).
This is the sample interfaces file I test my script against:
# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.2.7
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255
    gateway 192.0.2.254
    dns-nameservers 12.34.56.78 12.34.56.79

auto eth0:0
allow-hotplug eth0:0
iface eth0:0 inet static
    address 192.168.1.43
    netmask 255.255.255.0

auto eth1
iface eth1 inet dhcp

auto eth2
iface eth2 inet6 static
    address 2001:db8::c0ca:1eaf
    netmask 64
    gateway 2001:db8::1ead:ed:beef

auto br0
iface br0 inet static
    address 10.10.0.15
    netmask 255.255.255.0
    gateway 10.10.0.1
    bridge_ports eth0 eth1
    up /usr/sbin/brctl stp br0 on
What I need is an array of strings holding each stanza (iface, mapping, auto, allow-\w+, source(-\w+)? and comments) along with all the text that follows it until the start of next stanza.
I've tried code like this, which sounds like it should work, but it captures all stanzas in one string:
re.split(r'^(iface|mapping|auto|allow-\w+|source(-\w)?|#.*)[.\n]+?',
open('/etc/network/interfaces').read(), flags=re.MULTILINE)
How can I correct the regex to achieve this?
Python version is 2.7

You don't need a regex:
def stanza(fle):
    with open(fle) as f:
        vals = ("iface", "mapping", "auto", "allow-", "source")
        tmp = []
        for line in f:
            if line.startswith(vals):
                # Skip the empty list when the file opens with a keyword line
                if tmp:
                    yield tmp
                tmp = [line]
            else:
                tmp.append(line)
        if tmp:
            yield tmp

from pprint import pprint as pp
pp(list(stanza("foo.txt")))
Output:
[['# The loopback network interface\n'],
['auto lo\n'],
['iface lo inet loopback\n', '\n'],
['auto eth0\n'],
['iface eth0 inet static\n',
' address 192.168.2.7\n',
' netmask 255.255.255.0\n',
' network 192.168.2.0\n',
' broadcast 192.168.2.255\n',
' gateway 192.0.2.254\n',
' dns-nameservers 12.34.56.78 12.34.56.79\n',
'\n'],
['auto eth0:0\n'],
['allow-hotplug eth0:0\n'],
['iface eth0:0 inet static\n',
' address 192.168.1.43\n',
' netmask 255.255.255.0\n',
'\n'],
['auto eth1\n'],
['iface eth1 inet dhcp\n', '\n'],
['auto eth2\n'],
['iface eth2 inet6 static\n',
' address 2001:db8::c0ca:1eaf\n',
' netmask 64\n',
' gateway 2001:db8::1ead:ed:beef\n',
'\n'],
['auto br0\n'],
['iface br0 inet static\n',
' address 10.10.0.15\n',
' netmask 255.255.255.0\n',
' gateway 10.10.0.1\n',
' bridge_ports eth0 eth1\n',
' up /usr/sbin/brctl stp br0 on']]
If you want to remove the whitespace, strip it off with line.strip().
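For the regex route the question asks about: inside `[...]` a `.` is a literal dot, so `[.\n]+?` can never consume the text after a keyword. The added example below (not code from the question or the answer) instead locates stanza starts with a zero-width lookahead, then uses the split to list the `up`/`down` hook commands, which ifupdown executes as root and are worth reviewing when auditing this file. SAMPLE is a constructed, shortened copy of the question's file; split_stanzas and hook_commands are names chosen here.

```python
import re

# Constructed sample, shortened from the interfaces file in the question.
SAMPLE = """\
# The loopback network interface
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp

auto br0
iface br0 inet static
    address 10.10.0.15
    netmask 255.255.255.0
    bridge_ports eth0 eth1
    up /usr/sbin/brctl stp br0 on
"""

# Zero-width lookahead: marks where a stanza begins without consuming text.
STANZA_START = re.compile(
    r"^(?=(?:iface|mapping|auto|allow-\w+|source(?:-\w+)?)\s|#)",
    re.MULTILINE,
)
# Per-interface command hooks documented in interfaces(5).
HOOKS = ("pre-up", "up", "post-up", "pre-down", "down", "post-down")


def split_stanzas(text):
    """Return each stanza: its keyword line plus the lines that follow it."""
    starts = [m.start() for m in STANZA_START.finditer(text)]
    if not starts or starts[0] != 0:
        starts.insert(0, 0)  # keep any text that precedes the first keyword
    bounds = starts + [len(text)]
    chunks = (text[a:b] for a, b in zip(bounds, bounds[1:]))
    return [chunk.rstrip() for chunk in chunks if chunk.strip()]


def hook_commands(text):
    """List (interface, hook, command) for every hook in an iface stanza."""
    found = []
    for stanza in split_stanzas(text):
        lines = stanza.splitlines()
        head = lines[0].split()
        if head[0] != "iface" or len(head) < 2:
            continue
        for line in lines[1:]:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] in HOOKS:
                found.append((head[1], parts[0], parts[1]))
    return found


if __name__ == "__main__":
    for stanza in split_stanzas(SAMPLE):
        print(repr(stanza))
    print(hook_commands(SAMPLE))
```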

How can I put mac os x en1 interface into monitor mode to use with python3 scapy?

On my Mac the wireless interface is the en1 interface. I can put the interface into monitor mode using Mac's airport application but then it doesn't work with the scapy module when I use Python 3. How can I make this work?
Thanks in advance
ifconfig output
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
nd6 options=1<PERFORMNUD>
media: autoselect (none)
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:3e:e1:ff:fe:0f:0a:4a
nd6 options=1<PERFORMNUD>
media: autoselect <full-duplex>
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::7ed1:c3ff:fe6e:eeda%en1 prefixlen 64 scopeid 0x6
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1452
inet6 fe80::18b8:64ff:fec8:85%awdl0 prefixlen 64 scopeid 0x9
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
Python Script To Detect Packets (After putting en1 into mon mode using airport)
from scapy.all import *

def pktIdentifier(pkt):
    if pkt.haslayer(Dot11Beacon):
        print ("[+] Detected 802.11 Beacon Frame")
    elif pkt.haslayer(Dot11ProbeReq):
        print ("[+] Detected 802.11 Probe Frame")
    elif pkt.haslayer(TCP):
        print ("[+] Detected TCP Packet")
    elif pkt.haslayer(UDP):
        print ("[+] Detected UDP Packet")

conf.iface = 'en1'
sniff(prn=pktIdentifier)
Output of conf.route
Network        Netmask          Gateway      Iface  Output IP
0.0.0.0        0.0.0.0          192.168.0.1  en1    192.168.0.7
127.0.0.0      255.0.0.0        0.0.0.0      lo0    127.0.0.1
127.0.0.1      255.255.255.255  0.0.0.0      lo0    127.0.0.1
169.254.0.0    255.255.0.0      0.0.0.0      en1    192.168.0.7
192.168.0.0    255.255.255.0    0.0.0.0      en1    192.168.0.7
192.168.0.1    255.255.255.255  0.0.0.0      en1    192.168.0.7
192.168.0.1    255.255.255.255  0.0.0.0      en1    192.168.0.7
192.168.0.7    255.255.255.255  0.0.0.0      en1    192.168.0.7
192.168.0.255  255.255.255.255  0.0.0.0      en1    192.168.0.7

Short Answer: You could MonkeyPatch the _PcapWrapper_pypcap class. An example Code is provided below.
Slightly Longer Answer: On Mac OS X scapy sniffs on interfaces through libpcap. Instead of calling pcap_open_live we call pcap_create, pcap_set_rfmon and pcap_activate (in this order). This will set the interface in monitor mode and start capturing. I tested the following MonkeyPatch under scapy-python3 (0.21) and macOS Sierra 10.12.6. Make sure you run this Code with admin rights.
from scapy.all import *
import scapy.arch.pcapdnet
from ctypes import CDLL, POINTER, byref, c_char_p, c_int, c_ubyte, create_string_buffer
from ctypes.util import find_library

class _PcapWrapper_pypcap_monkeypatched(scapy.arch.pcapdnet._PcapWrapper_pypcap):
    def __init__(self, device, snaplen, promisc, to_ms):
        self.errbuf = create_string_buffer(PCAP_ERRBUF_SIZE)
        self.iface = create_string_buffer(device.encode('ascii'))
        #self.pcap = pcap_open_live(self.iface, snaplen, promisc, to_ms, self.errbuf)
        STRING = c_char_p
        _lib_name = find_library("pcap")
        if not _lib_name:
            raise OSError("Cannot find libpcap.so library")
        _lib=CDLL(_lib_name)
        pcap_create = _lib.pcap_create
        pcap_create.restype = POINTER(pcap_t)
        pcap_create.argtypes = [STRING, STRING]
        pcap_set_rfmon = _lib.pcap_set_rfmon
        pcap_set_rfmon.restype = c_int
        pcap_set_rfmon.argtypes = [POINTER(pcap_t), c_int]
        pcap_activate = _lib.pcap_activate
        pcap_activate.restype = c_int
        pcap_activate.argtypes = [POINTER(pcap_t)]
        # Create the handle, request monitor (rfmon) mode, then activate it
        self.pcap = pcap_create(self.iface, self.errbuf)
        pcap_set_rfmon(self.pcap, 1)
        pcap_activate(self.pcap)
        self.header = POINTER(pcap_pkthdr)()
        self.pkt_data = POINTER(c_ubyte)()
        self.bpf_program = bpf_program()

scapy.arch.pcapdnet._PcapWrapper_pypcap = _PcapWrapper_pypcap_monkeypatched

def pktIdentifier(pkt):
    if pkt.haslayer(Dot11Beacon):
        print("[+] Detected 802.11 Beacon Frame")
    elif pkt.haslayer(Dot11ProbeReq):
        print("[+] Detected 802.11 Probe Frame")

sniff(iface="en0", prn=pktIdentifier)

When using the sniff function setting monitor=True on Mac OS Catalina always works for me. Example: scapy.all.sniff(iface='en0', monitor=True) then obviously whatever other functions you want.

This is a possible answer: http://www.cqure.net/wp/2014/04/scapy-with-wifi-monitor-rfmon-mode-on-os-x/
If you will file a bug on http://github.com/phaethon/scapy I will assist with patching part.

how to get IP address of a Host if its MAC address is known using python / scapy

How can I get the IP address of a computer if its MAC address is known, using Python and scapy maybe?

You might use the information from the arp cache:
> arp -a
localhost (10.37.129.2) at 0:1c:42:0:0:9 on vnic1 ifscope permanent [ethernet]
localhost (10.37.129.255) at ff:ff:ff:ff:ff:ff on vnic1 ifscope [ethernet]
localhost (10.211.55.2) at 0:1c:42:0:0:8 on vnic0 ifscope permanent [ethernet]
localhost (10.211.55.255) at ff:ff:ff:ff:ff:ff on vnic0 ifscope [ethernet]
fritz.slwlan.box (192.168.0.1) at 0:4:e:2b:28:16 on en1 ifscope [ethernet]
Either you parse the result of "arp -a" on Unix yourself or look at
http://libdnet.sourceforge.net/dnet.html
providing access to the ARP cache from Python.
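Parsing `arp -a` yourself, as suggested above, has one trap visible in that very output: BSD/macOS prints MAC octets without leading zeros (`0:1c:42:0:0:9`), so a plain string comparison against a padded MAC misses. The added example below (not code from the answer) normalizes both sides before the lookup and skips `<incomplete>` and broadcast entries; SAMPLE_ARP is constructed from lines shown on this page, and normalize_mac, mac_table and ips_for_mac are names chosen here.

```python
import re

# Constructed sample: `arp -a` lines in the BSD/macOS and Linux layouts
# that appear on this page.
SAMPLE_ARP = """\
localhost (10.37.129.2) at 0:1c:42:0:0:9 on vnic1 ifscope permanent [ethernet]
localhost (10.37.129.255) at ff:ff:ff:ff:ff:ff on vnic1 ifscope [ethernet]
fritz.slwlan.box (192.168.0.1) at 0:4:e:2b:28:16 on en1 ifscope [ethernet]
? (192.168.176.183) at <incomplete> on eth0
? (192.168.176.2) at 00:50:56:e6:c2:47 [ether] on eth0
"""

# "(ip) at mac"; "<incomplete>" cannot match the MAC character class.
ENTRY = re.compile(r"\((?P<ip>[0-9.]+)\) at (?P<mac>[0-9A-Fa-f:]+)(?:\s|$)")
BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(mac):
    """Lower-case and zero-pad a ':' or '-' separated MAC address."""
    octets = re.split(r"[:-]", mac.strip())
    if len(octets) != 6 or not all(
        re.fullmatch(r"[0-9A-Fa-f]{1,2}", octet) for octet in octets
    ):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(octet.lower().zfill(2) for octet in octets)


def mac_table(arp_output):
    """Map normalized MAC -> list of IPs seen for it in the ARP cache."""
    table = {}
    for line in arp_output.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue  # unresolved ("<incomplete>") or unrelated line
        try:
            mac = normalize_mac(match.group("mac"))
        except ValueError:
            continue
        if mac != BROADCAST:
            table.setdefault(mac, []).append(match.group("ip"))
    return table


def ips_for_mac(arp_output, mac):
    """Return the IPs the cache holds for `mac`, in any common MAC spelling."""
    return mac_table(arp_output).get(normalize_mac(mac), [])


if __name__ == "__main__":
    print(ips_for_mac(SAMPLE_ARP, "00:1C:42:00:00:09"))
```

The ARP cache only lists hosts this machine has exchanged traffic with recently, so an empty result does not mean the MAC is absent from the network.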
Perhaps you could use arp-scan, but then you'd have to run as root:
$ arp-scan --interface=eth0 --localnet
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.5.2 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 00:c0:9f:09:b8:db QUANTA COMPUTER, INC.
192.168.1.4 00:02:b3:bb:5c:09 Intel Corporation
192.168.1.3 00:02:b3:bb:66:98 Intel Corporation
192.168.1.5 00:02:a5:90:c3:e6 Compaq Computer Corporation
192.168.1.6 00:c0:9f:0b:91:d1 QUANTA COMPUTER, INC.
192.168.1.8 00:02:b3:3d:13:5e Intel Corporation
...
34 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.5.2: 256 hosts scanned in 1.717 seconds (149.10 hosts/sec). 33 responded
