I am trying to monitor network traffic coming in and out of my VM. My VM is connected to a socket via TCP (IP, PORT) with the python socket library. Once connected, I am sending a stream of bytes to the socket and then closing the connection. The VM runs Ubuntu 18.04 LTS. The connection is made in a VPN tunnel.
How do I capture the traffic for the source and destination while my python script runs? I have tried to work with scapy and Wireshark/pyshark, but the documentation I found did not help me a lot.
Does anyone have an idea how I could do this? I am using python 3
I use wireshark to capture packets, you can filter out the destination and source (as flags too), here's the docs. Is the VPN using some kind of security to encrypt information (such as TLS)?
In the filter insert:
ip.src==your.local.ip.addr && ip.dst==your.VM.ip.addr && ip.proto=="TCP"
What could happen is that the VM tries to get updates and wireshark can pick up a lot of packets, it can mess up your search for the information in the sockets (byte stream).
You can also try to stop some Ubuntu services to prevent the internet use, but I can't tell you how to disable all.
Do you want to pick up that byte stream with a sniffer and convert into a person's eye?
If that's the case, it is advanced stuff I can't explain.
Hope I could help.
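The filter in the answer above (ip.src, ip.dst, TCP only) can also be applied offline to a saved capture, which is one way to get back the byte stream the script sent. The following is an added example, not part of the original answer: it uses only the standard library, assumes a classic little-endian pcap file with Ethernet frames, and all addresses, ports and payloads are constructed sample data.

```python
import socket
import struct

def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x02\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap file, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def tcp_payloads(pcap, src, dst):
    """Yield (sport, dport, payload) for every TCP segment sent from src to dst."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                      # not IPv4, or ip.proto is not TCP
        if frame[26:30] != socket.inet_aton(src) or frame[30:34] != socket.inet_aton(dst):
            continue                      # ip.src / ip.dst do not match
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 20:
            continue                      # truncated TCP header
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]  # excludes Ethernet padding
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = (frame[tcp_off + 12] >> 4) * 4
        yield sport, dport, frame[tcp_off + data_off:ip_end]

def sent_bytes(pcap, src, dst, dport):
    """Concatenate payloads in capture order (no reordering or retransmit handling)."""
    return b"".join(p for _, dp, p in tcp_payloads(pcap, src, dst) if dp == dport)

# Constructed sample: script traffic, a reply, and unrelated background traffic.
SAMPLE = build_pcap([
    build_frame("10.8.0.2", "10.8.0.1", 40000, 9000, b"hello "),
    build_frame("10.8.0.1", "10.8.0.2", 9000, 40000, b"ack"),
    build_frame("10.8.0.2", "192.0.2.10", 40001, 80, b"GET /update"),
    build_frame("10.8.0.2", "10.8.0.1", 40000, 9000, b"world"),
])

if __name__ == "__main__":
    print(sent_bytes(SAMPLE, "10.8.0.2", "10.8.0.1", 9000))
```

The same functions accept the bytes of a capture file written by a sniffer, as long as it is in classic pcap format with Ethernet link type; if the traffic is encrypted at the point of capture, the recovered payload is ciphertext.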
Related
I want to capture traffic of a particular Android device using a Python script. I am doing the same thing for a laptop using "pyshark" that monitors the real-time traffic of laptop for a specific time and then creates a pcap file for it. I want to do the same thing for my Android device. I have tried Tcpdump, scapy and packetsniffer but nothing helped me in capturing the traffic of my Android device.
Ideally I want an analyzer (a python script) that should run in such a fashion that when it is turned on, it continuously monitors the traffic of my Android device. I will have to make something similar to a proxy server but I am stuck on how to do it.
pyshark usage for my laptop
Does your program run with the necessary rights at all? Under Linux and Windows a program needs extended rights to open raw sockets, which are necessary for sniffing. Under Windows there must be some group policy XY setting (I don't know Windows), under Linux the program needs root rights.
I don't know about such a policy either. But in the scenario displayed in the picture attached, there is no need for socket programming. I am also okay with passive sniffing.
I have just written some python server and client using tcp protocol. I am using linux, and want to connect to a windows machine which isn't in my local network. How can I do that? I know it is something about NAT, but I can't find out how to do it properly. Could you please give me a step-by-step guide? Thanks.
Just use sockets? You need to ensure that the network the windows laptop is on is configured to forward a specified port to the laptop. (means it can be accessed externally) You can then use sockets to connect to the laptop on the port you designate.
I'm writing a Python script which connects to remote hosts over a (super complicated) SOCKS/SSL tunnel. I am able to establish connections to IPs in a remote intranet on any port.
What I'm hoping to do is set up this python script to use IP addresses in the local loopback range (127.0.x.x) to become (maybe with the help of the hosts file) a 'replica' of the remote systems, and hence enable me to use applications which don't support proxies. The problem is that I don't always know what ports they're trying to connect to. It seems the only way to work this out is to bind sockets to all 65536 ports, which seems a little crazy. So two questions:
Is it crazy? Can I just set up a python list of sockets from 1-65536?
Or is there a better way I should be doing this? Can I monitor connections to an IP somehow and bind the ports just before they're needed?
I want to avoid using too much platform-dependent or non-python code if possible.
EDIT: To clarify, I'm only writing the client here - I have no control over the server. Believe me, if I had control over the server side of it I would not be doing it with SOCKS/SSL/CRAM :)
What about going lower level and interfacing a library designed for network analyzers like pycap?
This way you could detect all connection attempts and find the ports that you need to expose, or maybe you can just route the packets directly, assuming the library in addition to packet detection can also do packet injection (pypcap page says this feature is experimental).
This would IMO make sense in python only for slow applications however...
Pycap seems to be developed for linux, but the core capturing is done by libpcap and for windows there is a similar library winpcap.
Matt,
If using windows your best shot is something like OpenVPN over the tunnel. OpenVPN requires only one TCP port/stream and gives you a pair of virtual interfaces with full connectivity.
[updated]
It may be possible using a TUN/TAP driver on the client side. See this unix version for ideas.
Overview:
I have a device sitting on a local network to a computer that is sitting on an outside network. I would like to create a software program that allows me to seamlessly connect to the device from a computer on a different network. For purposes of this question, I've created a picture to help describe the network flow. What I need help with is what python packages I would need to develop the solution for this problem.
Details:
I have a computer MYPC (IP address 192.168.0.168) that is attached to the internet running through a proxy server (ROUTER1). I have full control over MYPC's environment, which is running Linux.
I have a second computer SOMESERVER (IP address 192.168.1.168) that is attached to the internet running through a proxy server (ROUTER2). In addition, SOMESERVER (IP address 10.0.0.159) is also attached to a local network (LOCAL). SOMESERVER is running windows. I have very limited control with SOMESERVER: I am able to send an executable to SOMESERVER that can run once before it is removed. I do not know the internet/world IP address of the ROUTER2 initially.
I have a device (DEVICE1) attached to SOMESERVER through LOCAL (IP address: 10.0.0.157).
I have another device (DEVICE2) attached to SOMESERVER through LOCAL (IP address: 10.0.0.158). DEVICE(x) runs linux. I have python on DEVICE(x) and I could install a pure python package if I needed to. However, I do not have the ability to compile for DEVICE(x).
I can connect between SOMESERVER and MYPC through the internet using SSH over ROUTER1 and ROUTER2. I can connect between SOMESERVER and DEVICE1 through the local network (LOCAL) using Telnet. I can connect between SOMESERVER and DEVICE2 through the local network (LOCAL) using Telnet.
I want to send a program to SOMESERVER that allows me seamless access over SSH and Telnet to DEVICE1 and DEVICE2 from MYPC. In addition, I want that program to be running python.
Here's a picture that helps explain the above problem:
Solution:
What I think I want is as follows. I need help with the details and what packages I might need to make it happen.
Part 1: The Dial Home Client and Server
Create a "dial home" server program (DIAL_HOME_SERVER) for MYPC which listens for any one dialing home and then will "dial into" any SOMESERVER that "dials home" using SSH.
Create a "dial home" client program (DIAL_HOME_CLIENT) for SOMESERVER which is downloaded as part of a package
Part 2: The Proxy Server
Create a ssh to telnet proxy server program (PROXY_SERVER) for SOMESERVER which listens for connections from MYPC and funnels them into a telnet connection to DEVICE(x).
Thanks to Greg Hewgill, it sounds like I can use Paramiko to pull together the PROXY_SERVER code on SOMESERVER. It appears that Paramiko also requires PyCrypto, and the Windows binary for it can be found here.
Future Robustness
At a future date, the telnet connection will be replaced with an SSH client (dropbox on DEVICE(x)).
In Closing
I think the above will allow MYPC to connect "seamlessly", but the details of how to put together these programs are unknown to me. I already know how to package up a python program using Innosetup and/or py2exe. What I'd love to see is links pointing to different pieces of the solution so I can pull it all together. And then I can post it.
Thanks in advance!
I have to admit that I didn't quite follow all of your description, especially the "dial home" client/server part. However, your diagram seems sufficient for understanding.
Set up port forwarding on "router2" that forwards the incoming SSH port to your Windows server.
Write a Python program (you will probably find paramiko helpful) that runs on your Windows server, listens for SSH connections, and opens a telnet connection to one of your devices on the back end.
That seems sufficient to me. If you've got weird restrictions on the Windows server about only being able to run an executable once before it is deleted, that seems like another problem to solve that doesn't really relate to this tunnelling problem.
I have device connected through serial port to PC. Using c-kermit I can send commands to device and read output. I can also send files using kermit protocol.
In python we have pretty nice library - pySerial. I can use it to send/receive data from device. But is there some nice solution to send files using kermit protocol?
You should be able to do it via the subprocess module. The following assumes that you can send commands to your remote machine and parse out the results already. :-)
I don't have anything to test this on at the moment, so I'm going to be pretty general.
Roughly:
use pyserial to connect to the remote system through the serial port.
run the kermit client on the remote system using switches that will send the file or files you wish to transfer over the remote system's serial port (the serial line you are using.)
disconnect your pyserial instance
start your kermit client with subprocess and accept the files.
reconnect your pyserial instance and clean everything up.
I'm willing to bet this isn't much help, but when I actually did this a few years ago (using os.system, rather than subprocess on a hideous, hideous SuperDOS system) it took me a while to get my fat head around the fact that I had to start a kermit client remotely to send the file to my client!
If I have some time this week I'll break out one of my old geode boards and see if I can post some actual working code.