sniffer in python

[billiejoex]

Hi!
I made a little, simple program that sends strings over an ICMP packet.
The source here:
http://billiejoex.altervista.org/a1.txt

Now all I need is create a simple network sniffer able to sniff the ICMP
packets and print the strings on the screen.
A useful library known in a lot of other programming languages is 'libcap'
(winpcap for win32 platforms).
For python exist a porting called pcapy:
http://oss.coresecurity.com/projects/pcapy.html
....that I'd like to use BUT... all the examples reported on the sites don't
works!!
Is there someone who has already created a network sniffer in python?
It shouldn't be too much difficult...

Best regards

 

[Peter Hansen]

For python exist a porting called pcapy:
http://oss.coresecurity.com/projects/pcapy.html
...that I'd like to use BUT... all the examples reported on the sites don't
works!!

It usually helps to describe *in what way* things don't work.

Do they crash? If so, provide the full traceback.

Do they not install? If so, provide error messages.

Do they appear to run but without visible signs of activity? If so, say
so... and describe exactly what options you were using, what platform
and version of platform, Python, and library you are using, and any
other conditions relevant to the situation.

Help us help you...

(Alternative suggestion: use whatever mailing list is provided for that
specific project, if there is one, so you get access to more people with
direct knowledge of what might go wrong.)

-Peter

 

[billiejoex]

Thank you for your fast reply. You're right. I'll be more specific, sorry.
The example source is the one you can find on the 'Impacket' page on the
same site of pcapy:
http://oss.coresecurity.com/impacket/sniff.py
I use a Win XP prof sp2 system, python ver. 2.4.1.
Here's the output:

C:\Python24>1.py
Traceback (most recent call last):
File "C:\Python24\1.py", line 107, in ?
main(filter)
File "C:\Python24\1.py", line 88, in main
dev = getInterface()
File "C:\Python24\1.py", line 81, in getInterface
print '%i - %s' % (count, iface)
File "C:\Python23\lib\encodings\cp850.py", line 18, in encode
return codecs.charmap_encode(input,errors,encoding_map)
UnicodeEncodeError: 'charmap' codec can't encode characters in position
4-19: ch
aracter maps to <undefined>

 

[Peter Hansen]

Thank you for your fast reply. You're right. I'll be more specific, sorry.
The example source is the one you can find on the 'Impacket' page on the
same site of pcapy:
http://oss.coresecurity.com/impacket/sniff.py
I use a Win XP prof sp2 system, python ver. 2.4.1.
Here's the output:

C:\Python24>1.py
Traceback (most recent call last):
File "C:\Python24\1.py", line 107, in ?
main(filter)
File "C:\Python24\1.py", line 88, in main
dev = getInterface()
File "C:\Python24\1.py", line 81, in getInterface
print '%i - %s' % (count, iface)
File "C:\Python23\lib\encodings\cp850.py", line 18, in encode
return codecs.charmap_encode(input,errors,encoding_map)
UnicodeEncodeError: 'charmap' codec can't encode characters in position
4-19: ch
aracter maps to <undefined>

Helping you learn to troubleshoot from tracebacks: look at the line
preceding the failing call. Can you guess anything about what in that
line might be causing an encode() call? The count variable is,
presumably, just an integer, so %i wouldn't like have to do more than
convert it to a string. %s, however, asks for "iface" to be turned into
a string... if it were not already a string (i.e. it's a unicode?) it
would have to be encoded. What does iface contain and where did it come
from? Can you make it be just a string? Does that change or fix anything?

-Peter

 

[billiejoex]

Thanks for your help. Like you suggested I converted the integer value in a
string one by using the repr() funtion applied on the print:

print '%d \n %s' %(count, repr(iface))

The program now permit me to select the interface. The output is in a
strange hex-similar form:

C:\Python24>test.py
0
u'\u445c\u7665\u6369\u5c65\u504e\u5f46\u6547\u656e\u6972\u4e63\u6964\u5773\u6e61\u6441\u7061\u6574r\u445c\u7665\u6369\u5c65\u504e\u5f46\u317b\u4534\u3544\u3642\u2d31\u3030\u3942\u342d\u4441\u2d39\u3341\u4345\u382d\u3033\u3246\u3938\u3241\u4531\u7d44\u5c00\u6544\u6976\u6563\u4e5c\u4650\u7b5f\u3541\u3630\u3934\u3434\u452d\u4230\u2d37\u3634\u3239\u382d\u4237\u2d35\u4630\u3133\u4244\u3933\u3532\u3943}\u445c\u7665\u6369\u5c65\u504e\u5f46\u377b\u4337\u3644\u3034\u2d31\u3841\u3143\u342d\u3743\u2d43\u3241\u4633\u432d\u3731\u3037\u3538\u3234\u4538\u7d34'1 u'\u6547\u656e\u6972\u2063\u644e\u7369\u6157\u206e\u6461\u7061\u6574r\u4d56\u6177\u6572\u5620\u7269\u7574\u6c61\u4520\u6874\u7265\u656e\u2074\u6441\u7061\u6574r\u4d56\u6177\u6572\u5620\u7269\u7574\u6c61\u4520\u6874\u7265\u656e\u2074\u6441\u7061\u6574r\u564e\u4449\u4149\u6e20\u6f46\u6372\u2065\u434d\u2050\u654e\u7774\u726f\u696b\u676e\u4120\u6164\u7470\u7265\u4420\u6972\u6576\u2072\u4d28\u6369\u6f72\u6f73\u7466\u7327\u5020\u6361\u656b\u2074\u6353\u6568\u7564\u656c\u2972 'Please select an interface: 0When I select the interface (0 or 1) I encounter an encoding error:Traceback (most recent call last): File "C:\Python24\test.py", line 108, in ? main(filter) File "C:\Python24\test.py", line 92, in main p = open_live(dev, 1500, 0, 100)UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-15rdinal not in range(128)- How con I resolve this encoding problem?- How can I display the interface names in a 'human' form?Best regardsbillie> Helping you learn to troubleshoot from tracebacks: look at the linepreceding the failing call. Can you guess anything about what in that linemight be causing an encode() call? The count variable is, presumably, justan integer, so %i wouldn't like have to do more than convert it to a string.%s, however, asks for "iface" to be turned into a string... if it were notalready a string (i.e. it's a unicode?) it would have to be encoded. Whatdoes iface contain and where did it come from? Can you make it be just astring? Does that change or fix anything?>> -Peter

 

[billiejoex]

Sorry... the text has been wrong formatted. Read this, plz >>>

Thanks for your help. Like you suggested I converted the integer value in a
string one by using the repr() funtion applied on the print:
print '%d \n %s' %(count, repr(iface))
The program now permit me to select the interface. The output is in a
strange hex-similar form:
http://billiejoex.altervista.org/test.txt

When I select the interface (0 or 1) I encounter an encoding error:
Traceback (most recent call last):
File "C:\Python24\test.py", line 108, in ?
main(filter)
File "C:\Python24\test.py", line 92, in main
p = open_live(dev, 1500, 0, 100)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-15:
ordi
nal not in range(128)

- How con I resolve this encoding problem?
- How can I display the interface names in a 'human' form?

Best regards
billie

 

[billiejoex]

Moreover the getInterface() function seems to be unexistent:
Traceback (most recent call last):
File "<stdin>", line 1, in ?
NameError: name 'getInterface' is not defined

Maybe it can be used only on *nix platforms?