Fetch source address and port number of packet - Scapy script

Question

I am doing a sniffing of the network and trying to get ip address and port number on every tcp packet.

I used scapy with python and could successfully sniff packets and in a callback function could even print the packet summary. But I would want to do more, like fetching only the IP address of the source and its port number. How can i accomplish it? Below is my code:

#!/usr/bin/evn python
from scapy.all.import.*
def print_summary(pkt):
    packet = pkt.summary()
    print packet
sniff(filter="tcp",prn=packet_summary)

Please suggest a method to print only the source IP address of every packet.

Thanks.

Answer 1

It is not very difficult. Try the following code:

#!/usr/bin/env python
from scapy.all import *
def print_summary(pkt):
    if IP in pkt:
        ip_src=pkt[IP].src
        ip_dst=pkt[IP].dst
    if TCP in pkt:
        tcp_sport=pkt[TCP].sport
        tcp_dport=pkt[TCP].dport

        print " IP src " + str(ip_src) + " TCP sport " + str(tcp_sport) 
        print " IP dst " + str(ip_dst) + " TCP dport " + str(tcp_dport)

    # you can filter with something like that
    if ( ( pkt[IP].src == "192.168.0.1") or ( pkt[IP].dst == "192.168.0.1") ):
        print("!")

sniff(filter="ip",prn=print_summary)
# or it possible to filter with filter parameter...!
sniff(filter="ip and host 192.168.0.1",prn=print_summary)

Enjoy!