def __init__(self, wifitap, map=None):
self._tap = wifitap
# Here we put a BPF filter so only 802.11 Data/to-DS frames are captured
self.fd = conf.L2listen(iface=wifitap.inface,
filter="link[0]&0xc == 8 and link[1]&0xf == 1")
asyncore.file_dispatcher.__init__(self, self.fd, map)
def test_configure_sockets(self, socket_mock, *args, **kwargs):
socket_mock.return_value.recv = lambda x: '{"success":0}'
socket_mock.return_value.getsockname = lambda: "/tmp/blafoo"
scapy_unroot.sockets.configure_sockets()
self.assertEqual("L2listen", conf.L2listen().scapy_conf_type)
self.assertEqual("L2socket", conf.L2socket().scapy_conf_type)
self.assertEqual("L3socket", conf.L3socket().scapy_conf_type)
self.assertEqual("L3socket6", conf.L3socket6().scapy_conf_type)
def run(self):
self.socket = conf.L2listen(type=ETH_P_ALL,
iface=self.interface,
filter=self.filter_packets)
sniff(opened_socket=self.socket,
prn=self.manage_packet,
stop_filter=self.should_stop_sniffer)
def sniff(store=False,
prn=None,
lfilter=None,
stop_event=None,
refresh=.1,
*args,
**kwargs):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args)
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
stop_event: Event that stops the function when set
refresh: check stop_event.set() every refresh seconds
"""
s = conf.L2listen(type=ETH_P_ALL, *args, **kwargs)
lst = []
try:
while True:
if stop_event and stop_event.is_set():
break
sel = select([s], [], [], refresh)
if s in sel[0]:
p = s.recv(MTU)
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
if prn:
r = prn(p)
if r is not None:
print(r)
except KeyboardInterrupt:
pass
finally:
s.close()
return plist.PacketList(lst, "Sniffed")
def run(self):
# TODO this loop could be reconciled with the ofp Connection to become a
# single select loop.
self.sock = s = conf.L2listen(type=ETH_P_ALL,
iface=self.iface,
filter='inbound')
while not self.finished:
try:
sniffed = sniff(1,
iface=self.iface,
timeout=1,
opened_socket=s)
print 'Sniffer received %d packet(s)' % len(sniffed)
for pkt in sniffed:
self.forward_packet(pkt)
except Exception, e:
logging.error("scapy.sniff error: %s" % e)
def run(self):
"""Sniff neighbor control messages (ARP and NDP)"""
sockets = {}
try:
for iface in self.ifaces:
sockets[iface] = conf.L2listen(iface=iface,
filter=self.sniff_filter)
while True:
sel = select.select(sockets.values(), [], [])
for iface, s in sockets.items():
if s in sel[0]:
pkt = s.recv(MTU)
if pkt is None or Ether not in pkt:
continue
elif ARP in pkt:
self.process_arp_packet(iface, pkt)
elif IPv6 in pkt:
self.process_icmpv6_packet(iface, pkt)
finally:
for iface, s in sockets.items():
s.close()
print "smac: %s" % options.smac
if options.wepkey is not None:
print "WEP key: %s (%dbits)" % (options.wepkey,
len(options.wepkey) * 4)
print 'DEBUG mode:', options.debug
if __name__ == '__main__':
options = setup()
# Here we put a BPF filter so only 802.11 Data/to-DS frames are captured
s = conf.L2listen(iface=options.in_iface,
filter="link[0]&0xc == 8 and link[1]&0xf == 1")
# Speed optimization si Scapy does not have to parse payloads
ARP.payload_guess = []
try:
while True:
dot11_frame = s.recv(2346)
# WEP handling is automagicly done by Scapy if conf.wepkey is set
# Nothing to do to decrypt (although not yet tested)
# WEP frames have Dot11WEP layer, others don't
if options.debug and options.verb:
if dot11_frame.haslayer(Dot11WEP): # WEP frame
os.write(1, "Received WEP from %s\n" % options.in_iface)
else: # Cleartext frame
#!/usr/bin/python -tt
import logging
# disable warnings
logging.getLogger("scapy").setLevel(logging.ERROR)
logging.getLogger("scapy.loading").setLevel(logging.ERROR)
from scapy.all import conf, send, sniff, IP, UDP, Raw
from threading import Thread
from time import sleep
conf.verb = 0
conf.sniff_promisc = 0
conf.L2listen(iface="br0")
addp_port = 2362
addp = IP(dst="224.0.5.128") / UDP(sport=addp_port, dport=addp_port)
discover_request = addp / "DIGI\x00\x01\x00\x06\xff\xff\xff\xff\xff\xff"
def print_packet(x):
#print x.display()
return '{0}: type: {1}, raw:'.format(x.sprintf("%IP.src%:"),
repr(x[Raw].load))
class sniffer(Thread):
def __init__(self):
Thread.__init__(self)
else:
if KEYID != 0:
print "WEP not activated, key id ignored"
if not DEBUG:
if VERB:
print "DEBUG not activated, verbosity ignored"
else:
print "DEBUG activated"
if VERB:
print "Verbose debugging"
conf.iface = OUT_IFACE
# Here we put a BPF filter so only 802.11 Data/to-DS frames are captured
s = conf.L2listen(iface=IN_IFACE,
filter="link[0]&0xc == 8 and link[1]&0xf == 1")
#s = conf.L2listen(iface = IN_IFACE)
# Open /dev/net/tun in TAP (ether) mode
f = os.open("/dev/net/tun", os.O_RDWR)
ifs = ioctl(f, TUNSETIFF, struct.pack("16sH", "wj%d", TUNMODE))
ifname = ifs[:16].strip("\x00")
print "Interface %s created. Configure it and use it" % ifname
# Speed optimization si Scapy does not have to parse payloads
Ether.payload_guess = []
SNAP.payload_guess = []
try:
while 1:
r = select([f, s], [], [])[0]
def _can_sniff():
try:
scapy_conf.L2listen()
except RuntimeError:
return False
return True
