def __init__(self, wifitap, map=None): self._tap = wifitap # Here we put a BPF filter so only 802.11 Data/to-DS frames are captured self.fd = conf.L2listen(iface=wifitap.inface, filter="link[0]&0xc == 8 and link[1]&0xf == 1") asyncore.file_dispatcher.__init__(self, self.fd, map)
def test_configure_sockets(self, socket_mock, *args, **kwargs): socket_mock.return_value.recv = lambda x: '{"success":0}' socket_mock.return_value.getsockname = lambda: "/tmp/blafoo" scapy_unroot.sockets.configure_sockets() self.assertEqual("L2listen", conf.L2listen().scapy_conf_type) self.assertEqual("L2socket", conf.L2socket().scapy_conf_type) self.assertEqual("L3socket", conf.L3socket().scapy_conf_type) self.assertEqual("L3socket6", conf.L3socket6().scapy_conf_type)
def run(self): self.socket = conf.L2listen(type=ETH_P_ALL, iface=self.interface, filter=self.filter_packets) sniff(opened_socket=self.socket, prn=self.manage_packet, stop_filter=self.should_stop_sniffer)
def sniff(store=False, prn=None, lfilter=None, stop_event=None, refresh=.1, *args, **kwargs): """Sniff packets sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args) store: wether to store sniffed packets or discard them prn: function to apply to each packet. If something is returned, it is displayed. Ex: ex: prn = lambda x: x.summary() lfilter: python function applied to each packet to determine if further action may be done ex: lfilter = lambda x: x.haslayer(Padding) stop_event: Event that stops the function when set refresh: check stop_event.set() every refresh seconds """ s = conf.L2listen(type=ETH_P_ALL, *args, **kwargs) lst = [] try: while True: if stop_event and stop_event.is_set(): break sel = select([s], [], [], refresh) if s in sel[0]: p = s.recv(MTU) if p is None: break if lfilter and not lfilter(p): continue if store: lst.append(p) if prn: r = prn(p) if r is not None: print(r) except KeyboardInterrupt: pass finally: s.close() return plist.PacketList(lst, "Sniffed")
def run(self): # TODO this loop could be reconciled with the ofp Connection to become a # single select loop. self.sock = s = conf.L2listen(type=ETH_P_ALL, iface=self.iface, filter='inbound') while not self.finished: try: sniffed = sniff(1, iface=self.iface, timeout=1, opened_socket=s) print 'Sniffer received %d packet(s)' % len(sniffed) for pkt in sniffed: self.forward_packet(pkt) except Exception, e: logging.error("scapy.sniff error: %s" % e)
def run(self): """Sniff neighbor control messages (ARP and NDP)""" sockets = {} try: for iface in self.ifaces: sockets[iface] = conf.L2listen(iface=iface, filter=self.sniff_filter) while True: sel = select.select(sockets.values(), [], []) for iface, s in sockets.items(): if s in sel[0]: pkt = s.recv(MTU) if pkt is None or Ether not in pkt: continue elif ARP in pkt: self.process_arp_packet(iface, pkt) elif IPv6 in pkt: self.process_icmpv6_packet(iface, pkt) finally: for iface, s in sockets.items(): s.close()
print "smac: %s" % options.smac if options.wepkey is not None: print "WEP key: %s (%dbits)" % (options.wepkey, len(options.wepkey) * 4) print 'DEBUG mode:', options.debug if __name__ == '__main__': options = setup() # Here we put a BPF filter so only 802.11 Data/to-DS frames are captured s = conf.L2listen(iface=options.in_iface, filter="link[0]&0xc == 8 and link[1]&0xf == 1") # Speed optimization si Scapy does not have to parse payloads ARP.payload_guess = [] try: while True: dot11_frame = s.recv(2346) # WEP handling is automagicly done by Scapy if conf.wepkey is set # Nothing to do to decrypt (although not yet tested) # WEP frames have Dot11WEP layer, others don't if options.debug and options.verb: if dot11_frame.haslayer(Dot11WEP): # WEP frame os.write(1, "Received WEP from %s\n" % options.in_iface) else: # Cleartext frame
#!/usr/bin/python -tt import logging # disable warnings logging.getLogger("scapy").setLevel(logging.ERROR) logging.getLogger("scapy.loading").setLevel(logging.ERROR) from scapy.all import conf, send, sniff, IP, UDP, Raw from threading import Thread from time import sleep conf.verb = 0 conf.sniff_promisc = 0 conf.L2listen(iface="br0") addp_port = 2362 addp = IP(dst="224.0.5.128") / UDP(sport=addp_port, dport=addp_port) discover_request = addp / "DIGI\x00\x01\x00\x06\xff\xff\xff\xff\xff\xff" def print_packet(x): #print x.display() return '{0}: type: {1}, raw:'.format(x.sprintf("%IP.src%:"), repr(x[Raw].load)) class sniffer(Thread): def __init__(self): Thread.__init__(self)
else: if KEYID != 0: print "WEP not activated, key id ignored" if not DEBUG: if VERB: print "DEBUG not activated, verbosity ignored" else: print "DEBUG activated" if VERB: print "Verbose debugging" conf.iface = OUT_IFACE # Here we put a BPF filter so only 802.11 Data/to-DS frames are captured s = conf.L2listen(iface=IN_IFACE, filter="link[0]&0xc == 8 and link[1]&0xf == 1") #s = conf.L2listen(iface = IN_IFACE) # Open /dev/net/tun in TAP (ether) mode f = os.open("/dev/net/tun", os.O_RDWR) ifs = ioctl(f, TUNSETIFF, struct.pack("16sH", "wj%d", TUNMODE)) ifname = ifs[:16].strip("\x00") print "Interface %s created. Configure it and use it" % ifname # Speed optimization si Scapy does not have to parse payloads Ether.payload_guess = [] SNAP.payload_guess = [] try: while 1: r = select([f, s], [], [])[0]
def _can_sniff(): try: scapy_conf.L2listen() except RuntimeError: return False return True