I am trying to create a packet sniffer that can modify some packets (using Netfilter Queue and Scapy).
Firstly, my script adds an iptables rule: `iptables -t raw -A PREROUTING -j NFQUEUE --queue-num 1`.
Secondly, I create a queue with a custom handler:
```python
import netfilterqueue
from scapy.all import *
import socket


def handler(pkt):
    # Dump the raw bytes handed over by the queue, then let the packet through
    hexdump(pkt.get_payload())
    pkt.accept()


nfqueue = netfilterqueue.NetfilterQueue()
nfqueue.bind(1, handler)  # queue number 1 matches --queue-num 1 in the iptables rule
s = socket.fromfd(nfqueue.get_fd(), socket.AF_PACKET, socket.SOCK_RAW)
try:
    nfqueue.run_socket(s)
except KeyboardInterrupt:
    pass
s.close()
nfqueue.unbind()
```
But all I can get from `pkt.get_payload()` is IP frames (no Ethernet frames).
I am confused because the `sniff()` function from Scapy can easily catch Ethernet packets.
For example, `sniff(prn=lambda pkt:pkt.show())` can return
```
###[ Ethernet ]###
dst= 00:00:00:00:00:00
src= 00:00:00:00:00:00
type= 0x86dd
###[ IPv6 ]###
...
###[ UDP ]###
...
###[ Raw ]###
...
```
Is it possible to catch (and modify), for example, the source MAC address using nfqueue? I have tried different socket types, but nothing worked.
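
An added example, not part of the original post: it parses a constructed frame to show the layer difference described above, the 14-byte Ethernet header that `sniff()` displays in front of the IP packet that `get_payload()` returns. The function names and the sample bytes are assumptions made for illustration.

```python
import ipaddress
import struct

ETH_HLEN = 14  # dst MAC (6) + src MAC (6) + EtherType (2), untagged frame


def parse_ethernet(frame):
    """Split a layer-2 frame (what sniff() sees) into header fields and payload."""
    if len(frame) < ETH_HLEN:
        raise ValueError("too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HLEN])
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"dst": fmt(dst), "src": fmt(src), "type": ethertype,
            "payload": frame[ETH_HLEN:]}


def parse_l3(payload):
    """Parse the start of a layer-3 packet (what get_payload() returns)."""
    version = payload[0] >> 4 if payload else None
    if version == 4 and len(payload) >= 20:
        return {"version": 4, "proto": payload[9],
                "src": str(ipaddress.IPv4Address(payload[12:16])),
                "dst": str(ipaddress.IPv4Address(payload[16:20]))}
    if version == 6 and len(payload) >= 40:
        return {"version": 6, "proto": payload[6],
                "src": str(ipaddress.IPv6Address(payload[8:24])),
                "dst": str(ipaddress.IPv6Address(payload[24:40]))}
    raise ValueError("buffer does not start with an IPv4/IPv6 header")


def build_sample():
    """Constructed Ethernet/IPv6/UDP frame; only parsed here, never sent."""
    udp = struct.pack("!HHHH", 5353, 5353, 8 + 4, 0) + b"test"
    lo = ipaddress.IPv6Address("::1").packed
    ip6 = struct.pack("!IHBB", 0x60000000, len(udp), 17, 64) + lo + lo + udp
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x86DD)
    return eth + ip6, ip6  # (layer-2 view, layer-3 view)


if __name__ == "__main__":
    frame, l3 = build_sample()
    eth = parse_ethernet(frame)
    print("L2 view:", eth["src"], "->", eth["dst"], hex(eth["type"]))
    print("L3 view:", parse_l3(l3))
    print("same packet below the Ethernet header:", eth["payload"] == l3)
```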