Using a sniffed packet with scapy python - python

I'm not so new to network programming but new to working with scapy (I mainly work in C++).
So, I'm sniffing packets (traffic) that are coming into my computer, and what I want to do is just save one of the packets into a variable and use it later in my program.
It doesn't need to be any specific packet; it can be a random packet. The only thing I want is to insert it into a variable and use it later on.
Could someone please help me with this?

The sniff() function returns the sniffed packet. You can pass various arguments to this function. You can take the output and save it in a variable. Please see these two links:
(a) www.secdev.org/projects/scapy/files/scapydoc.pdf and (b) Scapy filtering with sniff() function

Related

Can scapy decrypt WPA2(802.11) on the fly?

A long time ago I used netfilter_queue to create a small program to monitor packets and block unwanted connections. This program delays a new connection by some time (milliseconds) while passing packets to userspace, but the delay is perceptible when using Firefox.
Next I figured out I can sniff packets and allow all new connections at the beginning, to later block unwanted connections without delay. So everything would be fine, but when I switched to a Wi-Fi network, I realized I need to decrypt the Wi-Fi (WPA2) frame first, and I wonder if it is possible to do it in scapy?
I'm looking for something similar to dot11decrypt but in Python.
I can't provide the library I used before (it was not scapy), because it's on another computer I don't have access to right now. And I don't remember the name; it was like 10 years ago. And the sniffer was written with the Python socket module.
EDIT:
Now that I know scapy by itself can't decrypt WPA2, I found that there are tools written in Python to crack WPA2 passwords, so it should be possible to write a program to sniff and decrypt WPA2 in Python to get IP:PORT from packets.
But the whole operation is not that straightforward. I need to know more about the WPA2 protocol. Right now I don't have much time to do it, but in my spare time I will try to write something.
So I dug and dug, and I'm happy that I didn't stop.
The answer is no, scapy can't decrypt WPA2 (802.11).
I had also used the words decrypt and decode as if they were the same word, my bad. So when I was talking about decoding 802.11 I was talking about decrypting WPA2 (802.11).
I just deduced from reading the EagleEye paper that their software uses dot11decrypt and libtins to do that and scapy to analyse data. I didn't have time to read the whole paper, but I think I understand their logic. Page 3, figure 1 has a nice picture.
I started digging again and their software is on GitHub; pretty nice software.
So that would be all. If I'm wrong, correct me.

Use multiple filters in Scapy's "sniff" function

A friend and I are currently making a sniffing application in Python using the Scapy library. We have a GUI where we can choose filters and protocols. We want to sniff the network using one or more filters but don't know how to do it. For now we tried the following code:
capture=scapy.sniff(filter="tcp and udp",timeout=5)
print(capture)
It works well but it sniffs using only the first filter (the tcp filter in this case). We also tried the following code, but it was the same:
capture1=scapy.sniff(filter="tcp",timeout=5)
capture2=scapy.sniff(filter="udp",timeout=5)
print(capture1)
print(capture2)
So, is it possible to sniff using more than one filter and if so, do you have any idea?
Thanks
You are telling Scapy to sniff packets that are both TCP and UDP.
When I try this (Linux, current Scapy development version), I get a warning message tcpdump: expression rejects all packets and the filter is not applied.
You probably want to use "or" instead of "and": capture=scapy.sniff(filter="tcp or udp",timeout=5).

scapy sniffing only packets on my computer & filter for http packets needed

I'm working on a project in which I sniff HTTP packets that go through my network,
but scapy sniffs only packets that are sent to my computer or broadcast.
I saw that there is a parameter called iface for the sniffing function:
sniff(iface= ? )
Yet, I find no documentation or explanation about it online.
Can someone explain how it can help and what value to put in it when sniffing if I want to sniff the whole network and not just my computer?
Also, I can't find a filter function for HTTP packets, so I'd appreciate it if someone could write it for me.
Here is some documentation on sniffing for Scapy. There is also some information regarding filters but it's quite sparse.
More than likely you will be able to use something like the following:
sniff(iface="eth0", filter="tcp and port 80") to get the HTTP packets. Obviously the actual interface will be different based on the names of the interfaces on your machine.

Drop packet received from network using python (scapy?)

I am creating a program in Python (either 2 or 3) in which I need to be able to drop a packet. Using scapy I know how to inspect packets, craft one and modify one sniffed from the sniff() function. I believe the sniff function can't actually modify the incoming packets (correct me if I'm wrong). I would like to know how I could drop some packets. Ex: if it has a src.ip==192.168.1.5, then drop it there.
You cannot drop packets with scapy or any other sniffing program.
You should try using iptables. There is a wrapper for iptables called python-iptables. It can help you to create, manage and delete different firewall rules from your Python program.

only accept certain ip/mac/ethtype packets in a socket

I'm completely new to network programming and a starter in Python.
I want to set a socket in Python to just accept certain packages.
I have the following values at my disposal:
destination address and port
source MAC address
ethtype (own)
How can I set a filter on my socket class to only accept packets for me (at dest address, port)
and/or the right ethtype, and/or sent by the device with the known MAC address?
Any help would be greatly appreciated, I tried to look via Google, but the amount of hits is incredible, and I haven't been able to find an answer that solves my question so far.
Thanx,
Arthur
I would recommend using scapy. It is a great tool for crafting custom packets and for doing a lot of other stuff.
You can add filters in scapy's sniff() to capture the packets you desire. You can also use scapy with your own Python program.
Moreover, you'll find a ton of tutorials on the internet on how to use scapy.
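
The acceptance test asked about above (destination address and port, source MAC, own EtherType), written out by hand over raw Ethernet frames as an added example; it is not code from either poster and does not use scapy. The helpers `accept` and `udp_frame`, the EtherType value 0x88B5 and all MAC and IP addresses are assumptions made for the illustration.

```python
import socket
import struct

ETH_P_IP = 0x0800
OWN_ETHERTYPE = 0x88B5  # assumed value: an IEEE "local experimental" EtherType

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def accept(frame, src_mac=None, ethertype=None, dst_ip=None, dst_port=None):
    """True only if every criterion that is set matches this raw Ethernet frame."""
    if len(frame) < 14:
        return False
    if src_mac is not None and frame[6:12] != mac_bytes(src_mac):
        return False
    f_type = struct.unpack("!H", frame[12:14])[0]
    if ethertype is not None and f_type != ethertype:
        return False
    if dst_ip is None and dst_port is None:
        return True
    ip = frame[14:]
    # Address/port criteria need a well-formed IPv4 header after the Ethernet header.
    if f_type != ETH_P_IP or len(ip) < 20 or ip[0] >> 4 != 4:
        return False
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return False
    if dst_ip is not None and ip[16:20] != socket.inet_aton(dst_ip):
        return False
    if dst_port is not None:
        # Ports exist only in TCP (6) / UDP (17), and only in the first fragment.
        first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
        if ip[9] not in (6, 17) or not first_fragment or len(ip) < ihl + 4:
            return False
        if struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] != dst_port:
            return False
    return True

def udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Constructed test input: Ethernet + IPv4 + UDP headers, checksums left at 0."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_IP) + ip + udp

# Constructed sample frames (documentation IP range, locally administered MACs).
DEVICE, OTHER, ME = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:fe"
WANTED = udp_frame(DEVICE, ME, "192.0.2.10", "192.0.2.1", 40000, 5000)
WRONG_MAC = udp_frame(OTHER, ME, "192.0.2.10", "192.0.2.1", 40000, 5000)
OWN_TYPE = mac_bytes(ME) + mac_bytes(DEVICE) + struct.pack("!H", OWN_ETHERTYPE) + b"hello"
```

On Linux the frames would come from an AF_PACKET raw socket, which needs root; that part is not exercised here. A source MAC is set by the sender, so matching on it narrows what is accepted but does not authenticate the device.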
