1

I am trying to get packets from a website hosted locally on remote computer(Test purpose) using pyshark.

Here is my code:

import pyshark

def print_live_dns():
   capture = pyshark.LiveCapture("wlan0")
   for packet in capture:
      # print(packet)
      with open('packets.txt', 'a') as f:
         f.write(str(packet))
      if "DNS" in packet and not packet.dns.flags_response.int_value:
         print(packet.dns.qry_name)

if __name__ == "__main__":
    print_live_dns()

With this code I only get packets from the internet. which is not what I need. How do I achieve this? using either pyshark, scapy, nmap etc

Bruno
  • 33
  • 1
  • 5
  • Do you see the packets if you remove the `if "DNS"...` conditional? Do you see the packets if you run the command `tshark -Y dns`? – Ross Jacobs Sep 10 '20 at 03:49
  • You should see traffic with this command if you're sending dns queries to an RFC1918 destination: `tshark -Y "dns.flags.response == 1 && (ip.src == 10.0.0.0/8 || ip.src==172.16.0.0/12 || ip.src==192.168.0.0/16)"` – Ross Jacobs Sep 10 '20 at 03:50
  • I can see the packets when I `print packet`, Thanks. How do I see URLs that is entered in the browser. I only see these Layers: TCP, ARP, IP, ETH? – Bruno Sep 10 '20 at 07:43
  • The URL entered in the browser looks like this `192.168.1.191:8000/home` – Bruno Sep 10 '20 at 07:52
  • 1
    I am sorry my friend, but you should read up on networking protocols, as that is the root question here. This is one such resource: https://www.ece.uvic.ca/~itraore/elec567-13/notes/dist-03-4.pdf. Also: https://news.ycombinator.com/item?id=18506651 – Ross Jacobs Sep 10 '20 at 08:29

0 Answers0