Tools-with-Python-Black-Hat-Python-2nd-Edition-/Chapter 3. Writing a Sniffer/sniffer.py at main · dollarboysushil/Tools-with-Python-Black-Hat-Python-2nd-Edition- · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
'''
We could also build additional logic into our scanner to kick off full
Nmap port scans on any hosts we discover. That way, we can determine if
they have a viable network attack surface. This is an exercise left for the
reader, and we the authors look forward to hearing some of the creative
ways you can expand this core concept. Let’s get started.
'''

import socket
import os
import struct
import ipaddress
import sys

HOST = '192.168.1.68'


class IP:
    def __init__(self, buff = None):
        header = struct.unpack('<BBHHHBBH4s4s', buff)
        self.ver = header[0] >> 4
        self.ihl = header[0] & 0xF
        self.tos = header[1]
        self.len = header[2]
        self.id = header[3]
        self.offset = header[4]
        self.ttl = header[5]
        self.protocol_num = header[6]
        self.sum = header[7]
        self.src = header[8]
        self.dst = header[9]


        self.src_address = ipaddress.ip_address(self.src)
        self.dst_address = ipaddress.ip_address(self.dst)

        self.protocol_map= {1:"ICMP", 6:"TCP", 17:"UDP"}

        try:
            self.protocol = self.protocol_map[self.protocol_num]
        except Exception as e:
            print('%s No protocol for %s' % (e,self.protocol_num))
            self.protocol = str(self.protocol_num)

    def sniff(host):

        if os.name == 'nt':
            socket_protocol = socket.IPPROTO_IP
        else:
            socket_protocol = socket.IPPROTO_ICMP

        sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
        sniffer.bind((HOST, 0))


        sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

        if os.name == 'nt':

            sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)


        try:
            while True:

                raw_buffer = sniffer.recvfrom(65535)[0]

                ip_header = IP(raw_buffer[0:20])

                print('Protocol: %s %s  -> %s' %(ip_header.protocol, ip_header.src_address, ip_header.dst_address))

        except KeyboardInterrupt:

            if os.name == 'nt':

                sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)

            sys.exit()


if __name__ == '__main__':
    if len(sys.argv) == 2:
        host = sys.argv[1]

    else:
        host = HOST

    IP.sniff(host)