
So I am attempting to retrofit an amazing network packet sniffer that is already established, but for Linux. The basic gist is that the code below works for socket.IPPROTO_UDP but not socket.IPPROTO_TCP.

    import socket

    # the IP address the raw socket is bound to (the host's primary interface)
    HOST = socket.gethostbyname(socket.gethostname())
    # create a raw IPv4 socket for TCP and bind it to the public interface
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    s.bind((HOST, 0))
    # include IP headers in the packets we receive
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    # receive all packets (SIO_RCVALL is a Windows-only ioctl)
    s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

    # receive a packet: recvfrom() returns a (data, address) tuple
    packet = s.recvfrom(65565)
    print(packet)

The error I get when running the above is:

    line 12, in <module>
        s.bind((HOST, 0))
    File "<string>", line 1, in bind
    socket.error: [Errno 10022] An invalid argument was supplied

If I fuss around with the above and strip it to the bare minimum:

    import socket

    # bare minimum: an unbound raw TCP socket, no IP_HDRINCL, no SIO_RCVALL
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

    # receive a packet
    packet = s.recvfrom(65565)
    print(packet)

I get a similar error, but on a slightly different line:

    line 7, in <module>
        packet = s.recvfrom(65565)
    socket.error: [Errno 10022] An invalid argument was supplied

The sniffer I am trying to retrofit, using the same formatting etc., is here: http://www.binarytides.com/python-packet-sniffer-code-linux/ -- credit to the dev -- if anyone has further advice I'd appreciate it.

In the stars
  • 65535 (2 ** 16) - 1 would be the largest number you could use. not 65565 – Gerrat Apr 11 '15 at 16:55
  • Neither seem to make a difference with tcp, and 65565 works fine for udp – In the stars Apr 11 '15 at 20:30
  • Ah, I saw the number (which is a really odd number) and assumed it was just mistyped. The [python docs](https://docs.python.org/2/library/socket.html#socket.socket.recv) do mention you should make this a power of 2, but this isn't why your code is failing. – Gerrat Apr 11 '15 at 20:50
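Whatever delivers the bytes (a raw socket's recvfrom() as in the question, or one of the libpcap wrappers mentioned in the comments, once the link-layer header is stripped), a sniffer still has to decode them, and the code above only prints them. The following is an added example, not code from the question, the answer or the binarytides article: it parses the IPv4 header and the TCP or UDP ports from packets constructed inline (the addresses and ports are made up for the example).

```python
import socket
import struct

PROTO_NAMES = {socket.IPPROTO_TCP: "TCP", socket.IPPROTO_UDP: "UDP",
               socket.IPPROTO_ICMP: "ICMP"}


def ipv4_header(proto, payload_len, src="10.0.0.1", dst="10.0.0.2"):
    """Build a minimal 20-byte IPv4 header (constructed test data; checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       0x4000, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


# Constructed samples, not captured traffic: a TCP SYN to port 443, a DNS query over UDP.
SAMPLE_TCP = ipv4_header(socket.IPPROTO_TCP, 20) + struct.pack(
    "!HHLLBBHHH", 51515, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
SAMPLE_UDP = ipv4_header(socket.IPPROTO_UDP, 8) + struct.pack(
    "!HHHH", 5353, 53, 8, 0)


def parse_ipv4(packet):
    """Decode the IPv4 header and, for TCP/UDP, the transport-layer ports.

    `packet` is the first element of the (data, address) tuple a raw AF_INET
    socket's recvfrom() returns. Returns a dict, or None if not plausible IPv4.
    """
    if len(packet) < 20:
        return None
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return None
    info = {"total_len": total_len, "ttl": ttl, "src": socket.inet_ntoa(src),
            "dst": socket.inet_ntoa(dst),
            "protocol": PROTO_NAMES.get(proto, str(proto))}
    payload = packet[ihl:]  # IP options (ihl > 20) are skipped, not parsed
    if proto == socket.IPPROTO_TCP and len(payload) >= 20:
        sport, dport, seq, _ack, off_res, flags = struct.unpack("!HHLLBB", payload[:14])
        info.update(src_port=sport, dst_port=dport, seq=seq, tcp_flags=flags,
                    tcp_header_len=(off_res >> 4) * 4)
    elif proto == socket.IPPROTO_UDP and len(payload) >= 8:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", payload[:8])
        info.update(src_port=sport, dst_port=dport, udp_len=ulen)
    return info


if __name__ == "__main__":
    for pkt in (SAMPLE_TCP, SAMPLE_UDP):
        print(parse_ipv4(pkt))
```

The same function applies to either protocol, so a capture loop only needs to dispatch on the returned `protocol` field rather than opening a separate raw socket per transport protocol.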

1 Answer


Besides your mistake (explained by Gerrat), you can't port that code to Windows. You can see in that article when it says:

> Linux because, although python is a portable, the programs won't run or give similar results on Windows for example. This is due to difference in the implementation of the socket api.

Packet sniffers in Windows are usually implemented by hooking the Winsock API or using the Winpcap driver. So you're going the wrong way.

Hope it helps.

cdonts
  • Yes. Free-software sniffers, *even on UN\*Xes, including Linux*, are usually implemented using libpcap on UN\*X and WinPcap on Windows, and are reasonably portable. Python has the [pylibpcap](http://sourceforge.net/projects/pylibpcap/) and [pcapy](http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy) wrappers for libpcap/WinPcap. –  Apr 11 '15 at 17:48
  • I have re-purposed the code you said wouldn't work, directly into a windows python script without much if any modification for UDP, but will not with TCP. I still think this is possible with TCP, I just don't know the extras you have to add to get the IPPROTO.TCP option to fly. The original question is still this, why does IPPROTO.UDP work perfectly on windows with packet = s.recvfrom(65565), but TCP fails. Ofc look at original post code to see the difference in attempts – In the stars Apr 11 '15 at 20:33