def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0, monitor=False): self.fd_flags = None self.assigned_interface = None # SuperSocket mandatory variables if promisc is None: self.promisc = conf.sniff_promisc else: self.promisc = promisc if iface is None: self.iface = conf.iface else: self.iface = iface # Get the BPF handle (self.ins, self.dev_bpf) = get_dev_bpf() self.outs = self.ins # Set the BPF buffer length try: fcntl.ioctl(self.ins, BIOCSBLEN, struct.pack('I', BPF_BUFFER_LENGTH)) # noqa: E501 except IOError: raise Scapy_Exception("BIOCSBLEN failed on /dev/bpf%i" % self.dev_bpf) # Assign the network interface to the BPF handle try: fcntl.ioctl(self.ins, BIOCSETIF, struct.pack("16s16x", self.iface.encode())) # noqa: E501 except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % self.iface) self.assigned_interface = self.iface # Set the interface into promiscuous if self.promisc: self.set_promisc(1) # Set the interface to monitor mode # Note: - trick from libpcap/pcap-bpf.c - monitor_mode() # - it only works on OS X 10.5 and later if DARWIN and monitor: dlt_radiotap = struct.pack('I', DLT_IEEE802_11_RADIO) try: fcntl.ioctl(self.ins, BIOCSDLT, dlt_radiotap) except IOError: raise Scapy_Exception("Can't set %s into monitor mode!" % self.iface) # Don't block on read try: fcntl.ioctl(self.ins, BIOCIMMEDIATE, struct.pack('I', 1)) except IOError: raise Scapy_Exception("BIOCIMMEDIATE failed on /dev/bpf%i" % self.dev_bpf) # Scapy will provide the link layer source address # Otherwise, it is written by the kernel try: fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError: raise Scapy_Exception("BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf) # Configure the BPF filter if not nofilter: if conf.except_filter: if filter: filter = "(%s) and not (%s)" % (filter, conf.except_filter) else: filter = "not (%s)" % conf.except_filter if filter is not None: attach_filter(self.ins, filter, self.iface) # Set the guessed packet class self.guessed_cls = self.guess_cls()
# Otherwise, it is written by the kernel try: fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError, err: msg = "BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf raise Scapy_Exception(msg) # Configure the BPF filter if not nofilter: if conf.except_filter: if filter: filter = "(%s) and not (%s)" % (filter, conf.except_filter) else: filter = "not (%s)" % conf.except_filter if filter is not None: attach_filter(self.ins, self.iface, filter) # Set the guessed packet class self.guessed_cls = self.guess_cls() def set_promisc(self, value): """Set the interface in promiscuous mode""" try: fcntl.ioctl(self.ins, BIOCPROMISC, struct.pack('i', value)) except IOError, err: msg = "Can't put your interface (%s) into promiscuous mode !" % self.iface raise Scapy_Exception(msg) def __del__(self): """Close the file descriptor on delete"""
def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0): # SuperSocket mandatory variables if promisc is None: self.promisc = conf.sniff_promisc else: self.promisc = promisc if iface is None: self.iface = conf.iface else: self.iface = iface # Get the BPF handle (self.ins, self.dev_bpf) = get_dev_bpf() self.outs = self.ins # Set the BPF buffer length try: fcntl.ioctl(self.ins, BIOCSBLEN, struct.pack('I', BPF_BUFFER_LENGTH)) except IOError: raise Scapy_Exception("BIOCSBLEN failed on /dev/bpf%i" % self.dev_bpf) # Assign the network interface to the BPF handle try: fcntl.ioctl(self.ins, BIOCSETIF, struct.pack("16s16x", self.iface)) except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % self.iface) self.assigned_interface = self.iface # Set the interface into promiscuous if self.promisc: self.set_promisc(1) # Don't block on read try: fcntl.ioctl(self.ins, BIOCIMMEDIATE, struct.pack('I', 1)) except IOError: raise Scapy_Exception("BIOCIMMEDIATE failed on /dev/bpf%i" % self.dev_bpf) # Scapy will provide the link layer source address # Otherwise, it is written by the kernel try: fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError: raise Scapy_Exception("BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf) # Configure the BPF filter if not nofilter: if conf.except_filter: if filter: filter = "(%s) and not (%s)" % (filter, conf.except_filter) else: filter = "not (%s)" % conf.except_filter if filter is not None: attach_filter(self.ins, self.iface, filter) # Set the guessed packet class self.guessed_cls = self.guess_cls()
def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0, monitor=False): # SuperSocket mandatory variables if promisc is None: self.promisc = conf.sniff_promisc else: self.promisc = promisc if iface is None: self.iface = conf.iface else: self.iface = iface # Get the BPF handle (self.ins, self.dev_bpf) = get_dev_bpf() self.outs = self.ins # Set the BPF buffer length try: fcntl.ioctl(self.ins, BIOCSBLEN, struct.pack('I', BPF_BUFFER_LENGTH)) # noqa: E501 except IOError: raise Scapy_Exception("BIOCSBLEN failed on /dev/bpf%i" % self.dev_bpf) # Assign the network interface to the BPF handle try: fcntl.ioctl(self.ins, BIOCSETIF, struct.pack("16s16x", self.iface.encode())) # noqa: E501 except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % self.iface) self.assigned_interface = self.iface # Set the interface into promiscuous if self.promisc: self.set_promisc(1) # Set the interface to monitor mode # Note: - trick from libpcap/pcap-bpf.c - monitor_mode() # - it only works on OS X 10.5 and later if DARWIN and monitor: dlt_radiotap = struct.pack('I', DLT_IEEE802_11_RADIO) try: fcntl.ioctl(self.ins, BIOCSDLT, dlt_radiotap) except IOError: raise Scapy_Exception("Can't set %s into monitor mode!" % self.iface) # Don't block on read try: fcntl.ioctl(self.ins, BIOCIMMEDIATE, struct.pack('I', 1)) except IOError: raise Scapy_Exception("BIOCIMMEDIATE failed on /dev/bpf%i" % self.dev_bpf) # Scapy will provide the link layer source address # Otherwise, it is written by the kernel try: fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError: raise Scapy_Exception("BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf) # Configure the BPF filter if not nofilter: if conf.except_filter: if filter: filter = "(%s) and not (%s)" % (filter, conf.except_filter) else: filter = "not (%s)" % conf.except_filter if filter is not None: attach_filter(self.ins, self.iface, filter) # Set the guessed packet class self.guessed_cls = self.guess_cls()
def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0, monitor=False): self.fd_flags = None self.assigned_interface = None # SuperSocket mandatory variables if promisc is None: self.promisc = conf.sniff_promisc else: self.promisc = promisc self.iface = network_name(iface or conf.iface) # Get the BPF handle self.ins = None (self.ins, self.dev_bpf) = get_dev_bpf() self.outs = self.ins # Set the BPF buffer length try: fcntl.ioctl(self.ins, BIOCSBLEN, struct.pack('I', BPF_BUFFER_LENGTH)) # noqa: E501 except IOError: raise Scapy_Exception("BIOCSBLEN failed on /dev/bpf%i" % self.dev_bpf) # Assign the network interface to the BPF handle try: fcntl.ioctl(self.ins, BIOCSETIF, struct.pack("16s16x", self.iface.encode())) # noqa: E501 except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % self.iface) self.assigned_interface = self.iface # Set the interface into promiscuous if self.promisc: self.set_promisc(1) # Set the interface to monitor mode # Note: - trick from libpcap/pcap-bpf.c - monitor_mode() # - it only works on OS X 10.5 and later if DARWIN and monitor: # Convert macOS version to an integer try: tmp_mac_version = platform.mac_ver()[0].split(".") tmp_mac_version = [int(num) for num in tmp_mac_version] macos_version = tmp_mac_version[0] * 10000 macos_version += tmp_mac_version[1] * 100 + tmp_mac_version[2] except (IndexError, ValueError): warning("Could not determine your macOS version!") macos_version = sys.maxint # Disable 802.11 monitoring on macOS Catalina (aka 10.15) and upper if macos_version < 101500: dlt_radiotap = struct.pack('I', DLT_IEEE802_11_RADIO) try: fcntl.ioctl(self.ins, BIOCSDLT, dlt_radiotap) except IOError: raise Scapy_Exception("Can't set %s into monitor mode!" % self.iface) else: warning("Scapy won't activate 802.11 monitoring, " "as it will crash your macOS kernel!") # Don't block on read try: fcntl.ioctl(self.ins, BIOCIMMEDIATE, struct.pack('I', 1)) except IOError: raise Scapy_Exception("BIOCIMMEDIATE failed on /dev/bpf%i" % self.dev_bpf) # Scapy will provide the link layer source address # Otherwise, it is written by the kernel try: fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError: raise Scapy_Exception("BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf) # Configure the BPF filter filter_attached = False if not nofilter: if conf.except_filter: if filter: filter = "(%s) and not (%s)" % (filter, conf.except_filter) else: filter = "not (%s)" % conf.except_filter if filter is not None: try: attach_filter(self.ins, filter, self.iface) filter_attached = True except ImportError as ex: warning("Cannot set filter: %s" % ex) if NETBSD and filter_attached is False: # On NetBSD, a filter must be attached to an interface, otherwise # no frame will be received by os.read(). When no filter has been # configured, Scapy uses a simple tcpdump filter that does nothing # more than ensuring the length frame is not null. filter = "greater 0" try: attach_filter(self.ins, filter, self.iface) except ImportError as ex: warning("Cannot set filter: %s" % ex) # Set the guessed packet class self.guessed_cls = self.guess_cls()
def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0): # SuperSocket mandatory variables if promisc is None: self.promisc = conf.sniff_promisc else: self.promisc = promisc if iface is None: self.iface = conf.iface else: self.iface = iface # Get the BPF handle (self.ins, self.dev_bpf) = get_dev_bpf() self.outs = self.ins # Set the BPF buffer length try: fcntl.ioctl(self.ins, BIOCSBLEN, struct.pack('I', BPF_BUFFER_LENGTH)) except IOError: raise Scapy_Exception("BIOCSBLEN failed on /dev/bpf%i" % self.dev_bpf) # Assign the network interface to the BPF handle try: fcntl.ioctl(self.ins, BIOCSETIF, struct.pack("16s16x", self.iface)) except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % self.iface) self.assigned_interface = self.iface # Set the interface into promiscuous if self.promisc: self.set_promisc(1) # Don't block on read try: fcntl.ioctl(self.ins, BIOCIMMEDIATE, struct.pack('I', 1)) except IOError: raise Scapy_Exception("BIOCIMMEDIATE failed on /dev/bpf%i" % self.dev_bpf) # Scapy will provide the link layer source address # Otherwise, it is written by the kernel try: fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError: raise Scapy_Exception("BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf) # Configure the BPF filter if not nofilter: if conf.except_filter: if filter: filter = "(%s) and not (%s)" % (filter, conf.except_filter) else: filter = "not (%s)" % conf.except_filter if filter is not None: attach_filter(self.ins, self.iface, filter) # Set the guessed packet class self.guessed_cls = self.guess_cls()
# Otherwise, it is written by the kernel try: fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError, err: msg = "BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf raise Scapy_Exception(msg) # Configure the BPF filter if not nofilter: if conf.except_filter: if filter: filter = "(%s) and not (%s)" % (filter, conf.except_filter) else: filter = "not (%s)" % conf.except_filter if filter is not None: attach_filter(self.ins, self.iface, filter) # Set the guessed packet class self.guessed_cls = self.guess_cls() def set_promisc(self, value): """Set the interface in promiscuous mode""" try: fcntl.ioctl(self.ins, BIOCPROMISC, struct.pack('i', value)) except IOError, err: msg = "Can't put your interface (%s) into promiscuous mode !" % self.iface raise Scapy_Exception(msg) def __del__(self): """Close the file descriptor on delete"""