Drop packet received from network using python (scapy?) - python

I am creating a program in python (either 2 or 3) in which I need to be able to drop a packet. Using scapy I know how to inspect packets, craft one and modify one sniffed from the sniff() function. I believe the sniff function can't actually modify the incoming packets (correct me if I'm wrong). I would like to know how I could drop some packets. Ex: if it has a src.ip==192.168.1.5, then drop it there.

You cannot drop packets with scapy or any other sniffing program.
You should try using iptables. There is a wrapper for iptables called python-iptables. It can help you to create, manage and delete different firewall rules from your python program.
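The rule the question asks for (drop traffic from 192.168.1.5), as an added example that is not part of the original answer. It calls the iptables command line through subprocess rather than the python-iptables wrapper the answer names; the function names drop_rule_argv and apply_rule are hypothetical.

```python
import ipaddress
import subprocess

ALLOWED_CHAINS = ("INPUT", "FORWARD", "OUTPUT")


def drop_rule_argv(src, chain="INPUT", delete=False):
    """Return the argv that adds (or removes) a DROP rule for source `src`."""
    # ipaddress only accepts a literal address or network, so a value such as
    # "-j ACCEPT" raises ValueError and never reaches the command line.
    net = ipaddress.ip_network(src, strict=False)
    if chain not in ALLOWED_CHAINS:
        raise ValueError("unexpected chain: %r" % (chain,))
    # IPv6 sources need ip6tables; iptables only handles IPv4.
    binary = "iptables" if net.version == 4 else "ip6tables"
    # -I inserts at the top of the chain, -D deletes the matching rule again.
    action = "-D" if delete else "-I"
    return [binary, action, chain, "-s", str(net), "-j", "DROP"]


def apply_rule(argv, dry_run=True):
    """Return the command line; when dry_run is False also run it (needs root)."""
    if not dry_run:
        # List form with no shell: each element is passed as one argument.
        subprocess.run(argv, check=True)
    return " ".join(argv)


if __name__ == "__main__":
    # The address from the question; dry run, so nothing is changed.
    print(apply_rule(drop_rule_argv("192.168.1.5")))
    # The matching cleanup command for the same rule.
    print(apply_rule(drop_rule_argv("192.168.1.5", delete=True)))
```
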

Related

I am sending commands through serial port in python but they are sent multiple times instead of one

I am sending some commands having particular response serially using com port. The commands are kept in a file. I am reading each command through the file line by line and sending it serially over the com port, but when I am seeing it from the receiver end using Magic Terminal (software), I found that each command is going multiple times, which I am sending only one time. I have made a code in PyCharm, and in the console I am seeing that command is going only once, but from the UART receiving end the story is something else. I am stuck with this problem. I have maintained the same baud rate and everything but am not able to diagnose the issue.
github link for the code is: https://github.com/AkshatPant06/Akshat-Pant/blob/master/cmd%20list
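import time
import serial

def recvResponse():
    # ser and intCmd are set up elsewhere in the script
    ser.write(serial.to_bytes(intCmd))  # send the command once
    time.sleep(1)                       # give the device time to answer
    data_recv = ser.read(2)             # read the 2-byte response
    return data_recv
This I have used to receive the 2-byte response.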
There seems to be nothing wrong with your code. At least to the extent I could reproduce, it only sends the command once (I tried your function after setting up my serial port in loopback).
I cannot say for sure but it might be that the terminal you're using has two windows, one for input and another one for output and somehow you're getting confused with what is in and out of your port.
One easy way to deal with this kind of issue is to use a sniffer on your port. You can do that combining com0com and Termite on Windows, as I recently explained here.
As you can see there is only one window on this terminal, and after setting up the forwarding you'll see everything that comes in and out of your port. That should make it easier to see what your code is writing and reading.
To give you a conventional scenario to apply the sniffer trick you can refer to the following screenshot:
In this case, we have two real serial ports on a computer. On the first (COM9) we are running a Modbus server (you can imagine it as a bunch of memory addresses, each one storing a 16-bit number). On COM10 we have a client that is sending queries asking for the contents of the first 10 addresses (called registers using the Modbus terminology). In a general use case, we have those ports linked with a cable, so we know (theoretically) that the client on COM10 is sending a data frame asking for those ten registers and the server on COM9 is answering with the numbers stored on those registers. But we are only able to see the contents on the server (left side of the picture) and what the client is receiving (right). What we don't see is what is traveling on the bus (yeah, we know what it is, but we don't know exactly what the Modbus protocol looks like on the inside).
If we want to tap on the bus to see what is being sent and received on each side we can create a couple of virtual ports with com0com and a port forwarding connection with Termite, something like the following screenshot:
Now we have moved our Modbus server to one of the virtual serial ports (COM4 in this case). After installing com0com we got (by default, but you can change names or add more port pairs, of course) a pair of forwarded ports (COM4<-->COM5). Now, if we want to see what is circulating through the ports we open Termite (bottom-right side of the picture) and set up another port forwarding scheme, in this case from virtual port COM5 to the real port COM9.
Finally (and exactly the same as before we were sniffing), we have COM9 connected together with COM10 with a cable. But now we are able to see all data going to and fro on the bus (all those HEX values you see on Termite displayed with the green/blue font).
As you can see, this will offer something similar to what you can do with more professional tools.

Use multiple filters in Scapy's "sniff" function

A friend and I are currently making a sniffing application in Python using the Scapy library. We have a GUI interface where we can choose filters and protocols. We want to sniff the network using one or more filters but don't know how to do it. For now we tried the following code:
capture=scapy.sniff(filter="tcp and udp",timeout=5)
print(capture)
It works well but it sniffs using only the first filter (tcp filter in this case). We also tried with the following code but got the same result:
capture1=scapy.sniff(filter="tcp",timeout=5)
capture2=scapy.sniff(filter="udp",timeout=5)
print(capture1)
print(capture2)
So, is it possible to sniff using more than one filter and if so, do you have any idea?
Thanks
You are telling Scapy to sniff packets that are both TCP and UDP.
When I try this (Linux, current Scapy development version), I get a warning message "tcpdump: expression rejects all packets" and the filter is not applied.
You probably want to use "or" instead of "and": capture=scapy.sniff(filter="tcp or udp",timeout=5).
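Building one filter string from several GUI selections, as an added example that is not part of the original answer. The names PROTOCOLS, build_filter and count_matches are hypothetical, and the packet list is constructed sample data given as IP protocol numbers.

```python
import ipaddress

# Protocol keywords the GUI may offer, with their IP protocol numbers.
PROTOCOLS = {"tcp": 6, "udp": 17, "icmp": 1}


def build_filter(protocols, host=None, port=None):
    """Compose one BPF expression from the protocols selected in the GUI."""
    chosen = []
    for name in protocols:
        if name not in PROTOCOLS:
            raise ValueError("unknown protocol: %r" % (name,))
        if name not in chosen:          # ignore duplicate selections
            chosen.append(name)
    if not chosen:
        raise ValueError("select at least one protocol")
    # A packet carries exactly one IP protocol, so alternatives are OR-ed.
    expr = " or ".join(chosen)
    extra = []
    if host is not None:
        extra.append("host %s" % ipaddress.ip_address(host))
    if port is not None:
        if not 0 < int(port) < 65536:
            raise ValueError("port out of range: %r" % (port,))
        extra.append("port %d" % int(port))
    if extra:
        # Parentheses make the grouping explicit instead of relying on
        # pcap's left-to-right evaluation of "and" and "or".
        expr = "(%s) and %s" % (expr, " and ".join(extra))
    return expr


def count_matches(proto_numbers, selected, mode):
    """Count packets (given as IP protocol numbers) that pass the selection."""
    wanted = {PROTOCOLS[p] for p in selected}
    if mode == "or":
        return sum(1 for n in proto_numbers if n in wanted)
    # "and": the one protocol field would have to equal every selected value.
    return sum(1 for n in proto_numbers if all(n == w for w in wanted))


# Constructed sample: two TCP packets, one UDP, one ICMP.
SAMPLE = [6, 17, 6, 1]

if __name__ == "__main__":
    print(build_filter(["tcp", "udp"]))                  # pass as sniff(filter=...)
    print(count_matches(SAMPLE, ["tcp", "udp"], "or"))   # packets kept with "or"
    print(count_matches(SAMPLE, ["tcp", "udp"], "and"))  # packets kept with "and"
```
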

scapy sniffing only packets on my computer & filter for http packets needed

I'm working on a project in which I sniff http packets that go through my network,
but scapy sniffs only packets that are sent to my computer or broadcasted.
I saw that there is a parameter called iface for the sniffing function-
sniff(iface= ? )
Yet, I find no documentation or explanation about it online.
Can someone explain how it can help and what value to put in it when sniffing if I want to sniff the whole network and not just my computer?
Also I don't find a filter function for http packets, so I'd appreciate it if someone could write it to me.
Here is some documentation on sniffing for Scapy. There is also some information regarding filters but it's quite sparse.
More than likely you will be able to use something like the following:
sniff(iface="eth0", filter="tcp and port 80") to get the HTTP packets. Obviously the actual interface will be different based on the names of the interfaces on your machine.

Using a sniffed packet with scapy python

I'm not so new to network programming but new to working with scapy (I mainly work on C++).
So, I'm sniffing packets (traffic) that are coming into my computer and what I want to do is just to save one of the packets into a variable and use it later in my program.
It doesn't need to be any specific packet; it can be a random packet. The only thing I want is just to insert it into a variable and use it later on.
Could someone please help me with this?
The sniff() function returns the sniffed packet. You can pass various arguments to this function. You can take the output and save it in a variable. Please see these two links:
(a) www.secdev.org/projects/scapy/files/scapydoc.pdf and (b) Scapy filtering with sniff() function

python sockets and a serial to IP device

Using a Lantronix UDS-1100 serial to IP converter. The goal is to write a small proof of concept piece in Python to capture serial data output by this device over IP.
I've done a couple test projects using sockets in python, but they were all done between python processes (python > python): listen() on one end, and connect(), sendall() etc on the other.
I think I can use sockets for this project, but before I invest a bunch of time into it, wanted to make sure it is a viable solution.
Can python sockets be used to capture IP traffic when the traffic is originating from a non-python source? I have full control over the IP and port that the device sends the serial data to, but there will be no python connect() initiated by the client. I can prepend the serial data with some connect() string if needed.
If sockets won't work, please recommend another solution...guessing it will be REST or similar.
Of course. TCP/IP is supposed to be cross-platform and cross-language, so in theory you should be able to communicate with every kind of device as long as you manage to process and send the expected protocol.
