I need to intercept network traffic (IPS mode) and drop selected packets, according to specific needs.
I've got two Ethernet NICs, eth0 and eth1, in promiscuous mode, and I need to retrieve packets from eth0, drop some packets according to specific rules, and forward selected packets to eth1.
I know that IPS systems such as Snort allow intercepting and filtering packets, but I'd prefer to do that using a Python program, using the Scapy library, if possible.
How can I intercept and forward network traffic using two NICs in promiscuous mode with Scapy?
Use Scapy as IPS for intercepting, selecting and forwarding packets
1.5k views Asked by auino At
You cannot "intercept" packets from Scapy.
When Snort does that, it stops being an IDS (that sniffs the network) and becomes an IPS (basically, a firewall that looks at the application layer as well as the network layers to make its decisions).
To do what you want, you'll need Netfilter, the NFQUEUE target of Iptables and the Python bindings for nfqueue (python-nfqueue package under Debian-based distributions).
Scapy may only help you to dissect the packets (to "understand" them and optionally tamper with them).
Anyway, this is probably going to be very slow, so unless you are working on a PoC, you probably want to use Snort or Suricata.
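The following sketch of the NFQUEUE approach is an added example, not code from the answer: Netfilter queues forwarded packets, Scapy dissects each one, and the handler issues the accept or drop verdict. It assumes the `NetfilterQueue` package from PyPI rather than python-nfqueue, a host that routes between eth0 and eth1, and a constructed rule set; `decide`, `scapy_fields` and `make_callback` are hypothetical names.

```python
import ipaddress

# Constructed policy for illustration: one blocked source prefix, one blocked TCP port.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_TCP_DPORTS = {23}

def decide(src, proto, dport):
    """Return 'drop' or 'accept' for one packet's fields (hypothetical rule set)."""
    if any(ipaddress.ip_address(src) in net for net in BLOCKED_NETS):
        return "drop"
    if proto == "tcp" and dport in BLOCKED_TCP_DPORTS:
        return "drop"
    return "accept"

def scapy_fields(raw):
    """Dissect an IPv4 packet with Scapy; NFQUEUE payloads start at the IP header."""
    from scapy.all import IP, TCP, UDP  # imported lazily, only needed on the live path
    pkt = IP(raw)
    if pkt.haslayer(TCP):
        return pkt.src, "tcp", pkt[TCP].dport
    if pkt.haslayer(UDP):
        return pkt.src, "udp", pkt[UDP].dport
    return pkt.src, "other", None

def make_callback(dissect=scapy_fields):
    """Build the per-packet handler; a packet that fails dissection is dropped."""
    def handle(nfpkt):
        try:
            verdict = decide(*dissect(nfpkt.get_payload()))
        except Exception:
            verdict = "drop"  # fail closed on anything we cannot parse
        if verdict == "drop":
            nfpkt.drop()
        else:
            nfpkt.accept()
        return verdict
    return handle

def main():
    # Assumes this rule is installed (as root) so forwarded traffic reaches queue 0:
    #   iptables -I FORWARD -i eth0 -o eth1 -j NFQUEUE --queue-num 0
    from netfilterqueue import NetfilterQueue
    nfq = NetfilterQueue()
    nfq.bind(0, make_callback())
    try:
        nfq.run()  # blocks; every queued packet waits for a verdict
    except KeyboardInterrupt:
        pass
    finally:
        nfq.unbind()

if __name__ == "__main__":
    main()
```

Every forwarded packet waits in the queue until the Python handler returns, which is the per-packet cost behind the answer's warning about speed.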