I am programming a sniffer in Python with sockets and I am not sure why I only sniff on port 22. I am on a machine connected via SSH from IP 10.0.0.2 to 10.0.0.3, and when I sniff I only see the SSH traffic. I am trying this for sniffing non-port-22 traffic:
import socket
from struct import *

print('Bienvenido')
# Raw IPv4 socket restricted to the TCP protocol
s = socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.IPPROTO_TCP)
while True:
    packet = s.recvfrom(65000)
    packet = packet[0]  # recvfrom returns (data, address); keep the data
    # First 20 bytes: IPv4 header, assuming no IP options
    ip_header = packet[0:20]
    iph = unpack('!BBHHHBBH4s4s' , ip_header)
    ip_src = socket.inet_ntoa(iph[8])
    ip_dst = socket.inet_ntoa(iph[9])
    # Next 20 bytes: TCP header, assuming no TCP options
    tcp_header = packet[20:40]
    tcp_h = unpack('!HHLLBBHHH',tcp_header)
    src_port = tcp_h[0]
    dst_port = tcp_h[1]
    # Print only packets whose destination port is not 22
    if str(dst_port)!="22":
        print('ip_src : ' + ip_src)
        print('ip dst : ' + ip_dst)
        print('src port: ' + str(src_port))
        print('dst port: ' + str(dst_port))
But I don't sniff anything. If I change it into if str(dst_port)!="22":
I sniff the traffic from 10.0.0.2 to 10.0.0.3.
On the remote machine I have started tcpdump sniffing on port 80 and connected to Google via telnet to port 80. I have also tried with FTP traffic, but with no success: I see the traffic in tcpdump but not in my sniffer. Does anyone know what may be happening?
Thank you in advance