Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Fetch source address and port number of packet - Scapy script

Tags:

networking

tcp

python-2.7

scapy

I am doing a sniffing of the network and trying to get ip address and port number on every tcp packet.

I used scapy with python and could successfully sniff packets and in a callback function could even print the packet summary. But I would want to do more, like fetching only the IP address of the source and its port number. How can i accomplish it? Below is my code:

#!/usr/bin/evn python
from scapy.all.import.*
def print_summary(pkt):
    packet = pkt.summary()
    print packet
sniff(filter="tcp",prn=packet_summary)

Please suggest a method to print only the source IP address of every packet.

Thanks.

like image 652
ds345 Avatar asked Oct 11 '13 06:10

ds345

People also ask

How do you read scapy packets?

Sniffing packets using scapy:To sniff the packets use the sniff() function. The sniff() function returns information about all the packets that has been sniffed. To see the summary of packet responses, use summary(). The sniff() function listens for an infinite period of time until the user interrupts.

What is sr1 in scapy?

The sr() function is for sending packets and receiving answers. The function returns a couple of packet and answers, and the unanswered packets. The function sr1() is a variant that only return one packet that answered the packet (or the packet set) sent. The packets must be layer 3 packets (IP, ARP, etc.).

What does PRN mean in scapy?

The prn argument is defined as: prn: function to apply to each packet. If something is returned, it is displayed.

1 Answers

It is not very difficult. Try the following code:

#!/usr/bin/env python
from scapy.all import *
def print_summary(pkt):
    if IP in pkt:
        ip_src=pkt[IP].src
        ip_dst=pkt[IP].dst
    if TCP in pkt:
        tcp_sport=pkt[TCP].sport
        tcp_dport=pkt[TCP].dport

        print " IP src " + str(ip_src) + " TCP sport " + str(tcp_sport) 
        print " IP dst " + str(ip_dst) + " TCP dport " + str(tcp_dport)

    # you can filter with something like that
    if ( ( pkt[IP].src == "192.168.0.1") or ( pkt[IP].dst == "192.168.0.1") ):
        print("!")

sniff(filter="ip",prn=print_summary)
# or it possible to filter with filter parameter...!
sniff(filter="ip and host 192.168.0.1",prn=print_summary)

Enjoy!

like image 137
user2871462 Avatar answered Sep 18 '22 21:09

user2871462
Sign in to Comment

Related questions

How to calculate the parity bit of the following bit sequence?
How to accept self-signed certificates with LWP::UserAgent
Direct P2P connection
Why HTTP_REFERER is single r, not HTTP_REFERRER?
What’s the easiest way to access local websites from a Parallels / VMWare Fusion virtual Windows machine?
iPhone active network type (2G, 3G, WiFi)
What is the difference between UDP and TCP packets? What do you use them for?
How do I get my public ip address in a shell script?
parse IP and TCP header (especially common tcp header options)of packets captured by libpcap
Is TCP packet filtering possible on mobile platforms?
ios networking code in the model?
When is sizeof(int) not 4 bytes in Objective-C?
Generate a random mac address
Android AsyncHttpClient, unable to find symbol class Header
What are the benefits of java.nio for a web server?
Alternative to scp, transferring files between linux machines by opening parallel connections
How to create a lot (I mean a lot) of sockets in Linux?
subversion server vs. network repository access through tortoise
Subscription not registered to use namespace 'Microsoft.Network'
Flow based routing and openflow

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!