Python - Scapy Choosing an interface to sniff - python

I'm building a sniffer with Scapy, Python 2.6.6 and Windows 7, and I want to know if I can choose the interface to sniff before sniffing, kind of like Wireshark.

I realize this is a dated post. One of the solutions mentions:
"But if no interface is given, sniffing will happen on every interface. You can look in the Sniffing section in the Scapy webpage"
Unfortunately the documentation is wrong. When no interface is given, Scapy sniffs on conf.iface.
Please see the conversation on their GitHub repo:
https://github.com/secdev/scapy/issues/1356

You can use the iface parameter.
sniff(iface="wlan0", prn=exampleFunction)
But if no interface is given, sniffing will happen on every interface.
You can look in the Sniffing section in the Scapy webpage

Related

Use multiple filters in Scapy's "sniff" function

A friend and I are currently making a sniffing application in Python using the Scapy library. We have a GUI where we can choose filters and protocols. We want to sniff the network using one or more filters but don't know how to do it. For now we tried the following code:
capture=scapy.sniff(filter="tcp and udp",timeout=5)
print(capture)
It works well, but it sniffs using only the first filter (the tcp filter in this case). We also tried the following code, but with the same result:
capture1=scapy.sniff(filter="tcp",timeout=5)
capture2=scapy.sniff(filter="udp",timeout=5)
print(capture1)
print(capture2)
So, is it possible to sniff using more than one filter and, if so, do you have any idea how?
Thanks
You are telling Scapy to sniff packets that are both TCP and UDP.
When I try this (Linux, current Scapy development version), I get a warning message tcpdump: expression rejects all packets and the filter is not applied.
You probably want to use or instead of and: capture=scapy.sniff(filter="tcp or udp",timeout=5).

Modbus sniffing using python

I have 2 devices communicating with each other using Modbus and I would like to sniff this communication line using Python for logging purposes. I have connected my computer to the communication bus via a Modbus dongle, but I don't know how I can actually read the data.
I have used Pymodbus before, but I don't think that would work in this case since it only allows for master or slave devices (as far as I know)
Are there any other libraries that I can use for my purpose? Would it be possible for me to implement something like a read only socket on the COM port that doesn't interfere with existing communication on the bus?
Thank you!
You can try a MODBUS simulator like this one: It has an option to see the activity on the bus.
If you want to use another Python MODBUS library, I recommend modbus_tk. It has an example of how to create a MODBUS simulator. But to be able to sniff the packets sent to other devices, you will need to make some modifications to disable the automatic response.
If the only thing you want to do is to see the activity on the bus I recommend the first option.
I hope this helps you.
[Edit]: To be more specific, you will need to download the following software: Modbus Poll - MODBUS slave simulator (which works on Windows), and plug your MODBUS dongle into the port you intend to use. After you do all the settings for the serial communications, go to the Display tab and click on Communication. You will be able to see the traffic on the line.

scapy sniffing only packets on my computer & filter for http packets needed

I'm working on a project in which I sniff http packets that go through my network,
but scapy sniffs only packets that are sent to my computer or broadcasted.
I saw that there is a parameter called iface for the sniffing function:
sniff(iface= ? )
Yet, I find no documentation or explanation about it online.
Can someone explain how it can help and what value to put in it when sniffing if I want to sniff the whole network and not just my computer?
Also I don't find a filter function for http packets, so I'd appreciate it if someone could write it to me.
Here is some documentation on sniffing for Scapy. There is also some information regarding filters but it's quite sparse.
More than likely you will be able to use something like the following:
sniff(iface="eth0", filter="tcp and port 80") to get the HTTP packets. Obviously the actual interface will be different based on the names of the interfaces on your machine.

Scapy - the interface of a sniffed packet

I'm sniffing with scapy 2.2 on Windows 7 with Python 2.6. Is there a way I can recognize the interface of a sniffed packet? I thought about using the mac address to identify it, but is there a way to do it with scapy?
something like this (doesn't work) -
packet = sniff(count=1, iface='eth0')[0]
print packet.iface # prints 'eth0'
In scapy, the interface-name the packet was captured on is stored in the property sniffed_on, for example:
packet.sniffed_on
The interface name 'ethX' is used in the Linux world, so for Windows I think there are different names (I didn't test Scapy under Windows). For this, try executing:
>>> ifaces
This will show how Scapy has determined the usable network interfaces on your system (and will most likely not be correct in your case). It's the basis for the Windows-specific 'show_interfaces()' command.
For more details about sniff (Scapy Docs)
I hardly doubt that, mostly because the interface (a NIC, in most of the cases - unless you're talking about VMs) is not a packet property. Think about it: which protocol uses interfaces? TCP? HTTP? Ethernet?
The MAC way will work, and you can do the same using the IP address (each NIC can have its own IP, think about a router with more than one port).
On a Windows machine you can view your interfaces using ipconfig (or ipconfig /all for more information, like the MAC address). Check out this link:
http://www.maketecheasier.com/view-network-adapter-details-in-windows/
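
Tying the answers above together, as an added example (not code from any of the posts): validate the interface the user picked before calling sniff(), fall back to conf.iface when none is given, as the first answer describes, and read sniffed_on from each captured packet. resolve_iface and capture are hypothetical helper names, "eth0" is a placeholder, and Python 3 with a recent Scapy is assumed.

```python
def resolve_iface(requested, available, default):
    """Return the value to pass to sniff(iface=...).

    requested: None, one interface name, or a list of names picked by the user.
    available: names Scapy can see (get_if_list()).
    default:   Scapy's conf.iface, used when nothing was requested.
    """
    if requested is None:
        return default
    names = [requested] if isinstance(requested, str) else list(requested)
    unknown = [name for name in names if name not in available]
    if unknown:
        raise ValueError("unknown interface(s): %s; available: %s"
                         % (", ".join(unknown), ", ".join(available)))
    # sniff() accepts either a single name or a list of names.
    return names[0] if len(names) == 1 else names


def capture(requested=None, count=5, timeout=10):
    """Sniff on the chosen interface(s); return (interface, summary) pairs."""
    # Imported here so resolve_iface() can be used without Scapy installed.
    from scapy.all import conf, get_if_list, sniff

    iface = resolve_iface(requested, get_if_list(), conf.iface)
    packets = sniff(iface=iface, count=count, timeout=timeout)
    # sniffed_on is filled in by sniff() with the interface the packet came from.
    return [(getattr(pkt, "sniffed_on", None), pkt.summary()) for pkt in packets]


if __name__ == "__main__":
    # Needs capture privileges; replace the placeholder with a name from get_if_list().
    for iface_name, summary in capture("eth0"):
        print(iface_name, summary)
```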

only accept certain ip/mac/ethtype packets in a socket

I'm completely new to network programming and a starter in Python.
I want to set a socket in Python to just accept certain packages.
I have the following values at my disposal:
destination address and port
source MAC address
ethtype (own)
How can I set a filter on my socket class to only accept packets for me (at dest address, port)
and/or the right ethtype, and/or sent by the device with the known MAC address?
Any help would be greatly appreciated, I tried to look via Google, but the amount of hits is incredible, and I haven't been able to find an answer that solves my question so far.
Thanx,
Arthur
I would recommend you use Scapy. It is a great tool for crafting custom packets and for doing a lot of other stuff.
You can add filters in Scapy's sniff() to capture the packets you desire. You can also use Scapy with your own Python program.
Moreover, you'll find tons of tutorials on the internet on how to use Scapy.
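
What such a filter has to check, as an added example in standard-library Python 3 (not code from the question or the answer): accept() is a hypothetical predicate over a raw Ethernet frame that requires every criterion that is set (source MAC, ethertype, IPv4 destination address, TCP/UDP destination port) to match. The frames, MAC and IP addresses are constructed samples, and 0x88B5 (an IEEE local-experimental ethertype) stands in for the asker's own ethtype.

```python
import socket
import struct

ETH_P_IP, OWN_ETHERTYPE = 0x0800, 0x88B5  # 0x88B5 is an assumed stand-in value
TCP, UDP = 6, 17

def mac_bytes(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def accept(frame, src_mac=None, ethertype=None, dst_ip=None, dst_port=None):
    """Return True if the frame matches every criterion that is not None."""
    if len(frame) < 14:                      # shorter than an Ethernet header
        return False
    src, etype = struct.unpack("!6sH", frame[6:14])
    if src_mac is not None and src != mac_bytes(src_mac):
        return False
    if ethertype is not None and etype != ethertype:
        return False
    if dst_ip is None and dst_port is None:
        return True
    # Address and port criteria only apply to IPv4 frames.
    if etype != ETH_P_IP or len(frame) < 34:
        return False
    if dst_ip is not None and frame[30:34] != socket.inet_aton(dst_ip):
        return False
    if dst_port is None:
        return True
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    l4 = 14 + ihl
    fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    # Later fragments carry no TCP/UDP header, so their port cannot be checked.
    if ihl < 20 or frame[23] not in (TCP, UDP) or fragment_offset or len(frame) < l4 + 4:
        return False
    return struct.unpack("!H", frame[l4 + 2:l4 + 4])[0] == dst_port

def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed sample frame (checksums left at zero) for exercising accept()."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_IP) + ip + udp

if __name__ == "__main__":
    sample = build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                             "192.0.2.10", "192.0.2.20", 40000, 5000)
    print(accept(sample, src_mac="02:00:00:00:00:01", dst_ip="192.0.2.20", dst_port=5000))
```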
