lost and found ( for me ? )

Python: Ubuntu11.04 : packet capture w/ python-pcapy n’python-impacket

Here's an example of a Python script which captures packets live from a network interface.

# apt-get install python-pcapy python-impacket


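Find all capture devices with pcapy.findalldevs(). The order of the returned list depends on the host, so an index such as [1] selects br0 only on this machine.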
>>> import pcapy
>>> devices = pcapy.findalldevs()
>>> print devices
['eth0', 'br0', 'virbr0', 'usbmon1', 'eth2', 'usbmon2', 'usbmon3', 'usbmon4', 'usbmon5', 'usbmon6', 'usbmon7', 'usbmon8', 'usbmon9', 'any', 'lo']
>>>
>>> pcapy.findalldevs()[0]
'eth0'
>>> pcapy.findalldevs()[1]
'br0'
>>> br0 = pcapy.findalldevs()[1]
>>> br0
'br0'
>>>
>>> max_bytes = 1024
>>> promiscous = False
>>> read_timeout = 100



capture.py
# cat capture.py
#!/usr/bin/env python

import pcapy
import impacket.ImpactDecoder

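# Interface to capture on. It is selected by name: the order of
# pcapy.findalldevs() depends on the host, so a fixed index such as [1]
# can silently pick a different interface on another machine.
br0 = 'br0'
devices = pcapy.findalldevs()
if br0 not in devices:
    raise SystemExit('capture device %r not found; available: %s'
                     % (br0, ', '.join(devices)))

max_bytes = 1024     # snapshot length: bytes kept per packet, longer frames are truncated
promiscuous = False  # do not switch the interface into promiscuous mode
read_timeout = 100   # read timeout in milliseconds

# Opening a live capture normally needs root or an equivalent capture
# privilege; the page runs the script from a root shell.
pc = pcapy.open_live(br0, max_bytes, promiscuous, read_timeout)

# BPF filter: only UDP packets are handed to the callback.
pc.setfilter('udp')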

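def recv_packets(hdr, data):
    """Decode one captured Ethernet frame and print it.

    Used as the callback of pc.loop(), which calls it once per packet
    that passes the capture filter.

    hdr  -- pcap packet header supplied by pcapy (not used here)
    data -- raw frame bytes as captured; the capture is opened with a
            snapshot length of max_bytes, so longer frames arrive
            truncated
    """
    # data comes straight off the wire and is untrusted input.
    # NOTE(review): a malformed or truncated frame may make the decoder
    # raise, which presumably ends the capture loop -- confirm and decide
    # whether such frames should be skipped instead.
    packet = impacket.ImpactDecoder.EthDecoder().decode(data)
    # print() with a single argument behaves the same on Python 2 and 3;
    # the bare print statement is a syntax error on Python 3.
    print(packet)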

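max_packets = -1  # -1 means no limit: capture until interrupted
# Pass the variable instead of a second literal -1, so that setting a
# packet limit above actually takes effect.
pc.loop(max_packets, recv_packets)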



Capture UDP packets on the br0 interface.
# ./capture.py
Ether: 0:26:55:e1:e8:3a -> ff:ff:ff:ff:ff:ff
IP 192.168.10.14 -> 255.255.255.255
UDP 17500 -> 17500

7b22 686f 7374 5f69 6e74 223a 2035 3734 {"host_int": 574
3139 3135 382c 2022 7665 7273 696f 6e22 19158, "version"
3a20 5b31 2c20 385d 2c20 2264 6973 706c : [1, 8], "displ
6179 6e61 6d65 223a 2022 3537 3431 3931 ayname": "574191
3538 222c 2022 706f 7274 223a 2031 3735 58", "port": 175
3030 2c20 226e 616d 6573 7061 6365 7322 00, "namespaces"
3a20 5b34 3439 3134 3730 332c 2032 3931 : [44914703, 291
3136 3130 372c 2034 3439 3134 3734 322c 16107, 44914742,
2034 3232 3332 3933 355d 7d            42232935]}

Ether: 0:26:55:e1:e8:3a -> ff:ff:ff:ff:ff:ff
IP 192.168.10.14 -> 192.168.10.255
UDP 17500 -> 17500

7b22 686f 7374 5f69 6e74 223a 2035 3734 {"host_int": 574
3139 3135 382c 2022 7665 7273 696f 6e22 19158, "version"
3a20 5b31 2c20 385d 2c20 2264 6973 706c : [1, 8], "displ
6179 6e61 6d65 223a 2022 3537 3431 3931 ayname": "574191
3538 222c 2022 706f 7274 223a 2031 3735 58", "port": 175
3030 2c20 226e 616d 6573 7061 6365 7322 00, "namespaces"
3a20 5b34 3439 3134 3730 332c 2032 3931 : [44914703, 291
3136 3130 372c 2034 3439 3134 3734 322c 16107, 44914742,
2034 3232 3332 3933 355d 7d              42232935]}

2 comments:

  1. It helped me, thanks.
    Just one thing..
    Is python-impacket instead of python-impcaket.

