-2

I'm trying to write a program to sniff outgoing ICMP & TCP request packets with a Python 2.7 socket, but I only know how to sniff incoming packets on a port.

The program can be executed by the superuser on Linux to sniff any outgoing ICMP & TCP packets. How can I do this?

Curtis Su
  • What have you tried? What part are you stuck on? Do you want to use `libpcap` or explicit raw sockets or some other alternative? – abarnert Jan 14 '14 at 05:46
  • I am a beginner in Python. I refer to some socket samples to practice network programming. The sample imports socket, creates a socket object, sets the socket, and binds a port to listen for incoming packets. But this program is only able to sniff the port the socket is bound to. So I am confused about how to sniff any outgoing packet. – Curtis Su Jan 14 '14 at 16:08
  • Well, you need to learn about raw sockets (and possibly promiscuous mode). Read the man pages or find a tutorial. Play with Wireshark and read its documentation. Maybe write some basic scripts to play with raw sockets in easy ways. Then you'll probably want to use `libpcap` with one of its various Python bindings for your real program. – abarnert Jan 14 '14 at 19:03

1 Answer

0

pycap

(Example from project page)

```
>>> import dpkt, pcap
>>> pc = pcap.pcap()
>>> pc.setfilter('icmp')
>>> for ts, pkt in pc:
...     print `dpkt.ethernet.Ethernet(pkt)`
...
Ethernet(src='\x00\x03G\xb2M\xe4', dst='\x00\x03G\x06h\x18', data=IP(src='\n\x00\x01\x1c', dst='\n\x00\x01\x10', sum=39799, len=60, p=1, ttl=128, id=35102, data=ICMP(sum=24667, type=8, data=Echo(id=512, seq=60160, data='abcdefghijklmnopqrstuvwabcdefghi'))))
Ethernet(src='\x00\x03G\x06h\x18', dst='\x00\x03G\xb2M\xe4', data=IP(src='\n\x00\x01\x10', dst='\n\x00\x01\x1c', sum=43697, len=60, p=1, ttl=255, id=64227, data=ICMP(sum=26715, data=Echo(id=512, seq=60160, data='abcdefghijklmnopqrstuvwabcdefghi'))))
^CTraceback (most recent call last):
  File '<stdin>', line 1, in ?
  File 'pcap.pyx', line 298, in pcap.pcap.__next__
KeyboardInterrupt
>>>
>>> pc.stats()
(4851, 0, 0)
```
mojo
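An added example, not part of the answer above or of any project's code: on Linux an `AF_PACKET` raw socket receives frames in both directions, and the address tuple returned by `recvfrom()` carries a packet type that equals `PACKET_OUTGOING` for frames the host itself sent. The code is Python 3 and assumes Ethernet framing and IPv4; `describe_outgoing`, `sample_echo_request` and `sniff` are hypothetical helper names, and the sample frame is constructed.

```python
import socket
import struct

ETH_P_ALL = 0x0003        # every protocol (linux/if_ether.h)
PACKET_OUTGOING = 4       # sll_pkttype of frames sent by this host (linux/if_packet.h)
PROTOS = {socket.IPPROTO_ICMP: "ICMP", socket.IPPROTO_TCP: "TCP"}


def describe_outgoing(frame, pkttype):
    """Return (proto, src, dst, detail) for an outgoing IPv4 ICMP/TCP frame, else None."""
    if pkttype != PACKET_OUTGOING or len(frame) < 34:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # EtherType is not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IP header length in bytes
    proto = frame[23]
    if proto not in PROTOS or ihl < 20 or len(frame) < 14 + ihl + 4:
        return None
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]                                 # ICMP or TCP header
    if proto == socket.IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", l4[:4])
        detail = "%d->%d" % (sport, dport)
    else:
        detail = "type=%d code=%d" % (l4[0], l4[1])
    return PROTOS[proto], src, dst, detail


def sample_echo_request():
    """Constructed frame: ICMP echo request 10.0.1.28 -> 10.0.1.16 (checksums zeroed)."""
    eth = b"\x00\x03G\x06h\x18" + b"\x00\x03G\xb2M\xe4" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     socket.inet_aton("10.0.1.28"), socket.inet_aton("10.0.1.16"))
    return eth + ip + struct.pack("!BBHHH", 8, 0, 0, 512, 1)


def sniff():
    """Live capture on Linux; needs root (CAP_NET_RAW)."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    while True:
        frame, (ifname, ethproto, pkttype, hatype, hwaddr) = s.recvfrom(65535)
        hit = describe_outgoing(frame, pkttype)
        if hit:
            print(ifname, *hit)


if __name__ == "__main__":
    sniff()
```

Because the socket is not bound to a port or an interface, it sees traffic on all interfaces; the direction filter is the `pkttype` check, not a bind.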