Python - Scapy - Sniffing local network


Is there a way to sniff local network traffic with Scapy? For example, I'm developing a chat application in Python using TCP sockets; is there a way to sniff the data I send to '127.0.0.1'?

efirvida On BEST ANSWER

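This code may be helpful. It scans an IP range on the LAN and then sniffs each open port it finds; to capture your own traffic to 127.0.0.1 instead, give sniff() the loopback interface (for example iface="lo" on Linux).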

#!/usr/bin/python
__author__ = 'efirvida'

from netaddr import iter_iprange
from scapy.all import IP, TCP, ICMP, sr1, sniff
import logging
# Raise the threshold of the 'scapy' logger to ERROR so that records below
# that severity are dropped.  This runs after the scapy import above, so it
# cannot affect anything that was logged while scapy was being imported.
_scapy_logger = logging.getLogger('scapy')
_scapy_logger.setLevel(logging.ERROR)

def ip_range(star_ip, stop_ip):
    """Expand a start/stop address pair into a list of address strings.

    Both bounds are passed unchanged to netaddr's ``iter_iprange`` and every
    address it yields is converted with ``str``.  The whole range is built in
    memory, so a very wide range produces a correspondingly large list.
    """
    return [str(address) for address in iter_iprange(star_ip, stop_ip)]


def online_ip(iplist, timeout):
    """Return the addresses from *iplist* that answered an ICMP probe.

    One ``IP/ICMP`` packet is sent per address with ``sr1`` and the address is
    kept when any reply arrives within *timeout* seconds.  A host that drops
    ICMP is therefore reported as offline even if it is up.  Addresses are
    probed one after another, so the worst case takes roughly
    ``len(iplist) * timeout`` seconds.

    NOTE(review): ``sr1`` sends through a raw socket, which normally requires
    root (or CAP_NET_RAW on Linux) -- confirm for the target platform.
    """
    def answered(address):
        probe = IP(dst=address) / ICMP()
        return sr1(probe, timeout=timeout, verbose=False) is not None

    return [address for address in iplist if answered(address)]


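if __name__ == '__main__':
    # Three stages: an ICMP sweep of an address range, a TCP SYN probe of a
    # fixed port list on every host that answered, then one packet capture per
    # open port.  Scapy sends the probes through raw sockets, which normally
    # requires root (or CAP_NET_RAW on Linux).

    TIMEOUT = 0.5                                               # seconds to wait for each probe reply
    snf_pk = 30                                                 # number of packets to capture per port
    star_ip = '10.12.12.1'                                      # first ip of the range to scan
    stop_ip = '10.12.12.40'                                     # last ip of the range to scan
    ports = [21, 22, 80, 442, 443, 808, 1080, 3128, 8080]       # ports probed on each online ip
    SYN_ACK = 0x12                                              # SYN (0x02) | ACK (0x10) == 18

    ip_list = online_ip(ip_range(star_ip, stop_ip), TIMEOUT)    # online ips in the range

    # Check open ports on the online ips.
    ip_ports = []
    for ip in ip_list:
        openports = []
        for port in ports:
            ans = sr1(IP(dst=ip)/TCP(dport=port, flags="S"), timeout=TIMEOUT, verbose=False)
            # sr1 returns None on timeout, and the matched reply can be an
            # ICMP error rather than a TCP segment; indexing ans[TCP] on such
            # a reply raises, so skip anything without a TCP layer.
            if ans is None or not ans.haslayer(TCP):
                continue
            # Only a SYN/ACK counts as open; an RST means the port is closed.
            if ans[TCP].flags == SYN_ACK:
                openports.append(port)

        if openports:
            ip_ports.append({'ip': ip, 'ports': openports})

    # Capture traffic on each open port of each online ip.
    for ip in ip_ports:
        for port in ip['ports']:
            # Single-argument print(...) behaves the same on Python 2 and 3.
            print('Sniffing in ' + ip['ip'] + ':' + str(port))
            # No iface is given, so the capture runs on Scapy's default
            # interface and only sees what that interface receives; traffic
            # sent to 127.0.0.1 needs the loopback interface passed as iface=.
            # No timeout is given either, so this blocks until snf_pk matching
            # packets have arrived.
            snf = sniff(filter="tcp and port " + str(port) + " and host " + ip['ip'], count=snf_pk)
            # pdfdump relies on the optional PyX package being installed.
            snf.pdfdump('sniff_' + ip['ip'] + '_port_' + str(port) + '.pdf')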