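#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Simple packet sniffer.
#
# This packet sniffer uses the pcap library to listen for packets in
# transit over the specified interface. The returned packages can be
# filtered according to a BPF filter (see tcpdump(3) for further
# information on BPF filters).
#
# Note that the user might need special permissions to be able to use pcap.
#
# Authors:
#  Maximiliano Caceres <max@coresecurity.com>
#  Javier Kohen <jkohen@coresecurity.com>
#
# Reference for:
#  pcapy: findalldevs, open_live.
#  ImpactDecoder.

import sys
from threading import Thread
import pcapy
from pcapy import findalldevs, open_live

from impacket.ImpactDecoder import EthDecoder, LinuxSLLDecoder


class DecoderThread(Thread):
    """Thread that runs the pcap capture loop and prints every decoded packet.

    The decoder is chosen from the link type reported by the capture
    handle: Ethernet (DLT_EN10MB) or Linux cooked capture (DLT_LINUX_SLL).
    """

    def __init__(self, pcapObj):
        """Pick a decoder for ``pcapObj``'s link type and keep the handle.

        Raises:
            Exception: if the handle reports any other datalink type.
        """
        Thread.__init__(self)

        # Query the type of the link and instantiate a decoder accordingly.
        datalink = pcapObj.datalink()
        if pcapy.DLT_EN10MB == datalink:
            self.decoder = EthDecoder()
        elif pcapy.DLT_LINUX_SLL == datalink:
            self.decoder = LinuxSLLDecoder()
        else:
            # The original format string had no conversion specifier, so this
            # line raised TypeError instead of the intended message.
            raise Exception("Datalink type not supported: %s" % datalink)

        self.pcap = pcapObj

    def run(self):
        """Capture until the process is stopped, one callback per packet."""
        # Sniff ad infinitum.
        # PacketHandler shall be invoked by pcap for every packet.
        self.pcap.loop(0, self.packetHandler)

    def packetHandler(self, hdr, data):
        """pcap callback: decode the raw packet and print it.

        ``hdr`` (the pcap packet header) is not used.
        """
        # Use the ImpactDecoder to turn the rawpacket into a hierarchy
        # of ImpactPacket instances.
        # Display the packet in human-readable form.
        # NOTE: the printed form includes packet contents, so stdout (and any
        # file or terminal log it is redirected to) should be handled as
        # sensitive data.
        print(self.decoder.decode(data))


def getInterface():
    """Return the capture interface to use.

    Exits with status 1 when pcap lists no interface, returns the only
    interface when there is exactly one, and otherwise prompts the user
    until a valid index is entered.
    """
    # Grab a list of interfaces that pcap is able to listen on.
    # The current user will be able to listen from all returned interfaces,
    # using open_live to open them.
    ifs = findalldevs()

    # No interfaces available, abort.
    if not ifs:
        print("You don't have enough permissions to open any interface on this system.")
        sys.exit(1)

    # Only one interface available, use it.
    if len(ifs) == 1:
        print('Only one interface present, defaulting to it.')
        return ifs[0]

    # Ask the user to choose an interface from the list.
    for count, iface in enumerate(ifs):
        print('%i - %s' % (count, iface))

    # NOTE(review): under Python 2, input() evaluates the typed text as an
    # expression; run this script with Python 3 (the shebang does not pin it).
    while True:
        choice = input('Please select an interface: ')
        try:
            idx = int(choice)
        except ValueError:
            idx = -1
        # Reject negative values too: a bare ifs[idx] would silently pick an
        # interface counted from the end of the list.
        if 0 <= idx < len(ifs):
            return ifs[idx]
        print('Invalid selection, enter a number between 0 and %i.' % (len(ifs) - 1))


def main(filter):
    """Open the chosen interface, apply the BPF ``filter`` and start sniffing.

    An empty filter string matches all traffic seen on the interface.
    """
    dev = getInterface()

    # Open interface for capturing: snaplen 1500 bytes, promiscuous mode off,
    # 100 ms read timeout. With a 1500-byte snaplen a full-size Ethernet frame
    # (14-byte header plus 1500-byte payload) is cut short.
    p = open_live(dev, 1500, 0, 100)

    # Set the BPF filter. See tcpdump(3).
    p.setfilter(filter)

    print("Listening on %s: net=%s, mask=%s, linktype=%d" % (dev, p.getnet(), p.getmask(), p.datalink()))

    # Start sniffing thread and finish main thread.
    DecoderThread(p).start()


# Process command-line arguments. Take everything as a BPF filter to pass
# onto pcap. Default to the empty filter (match all).
filter = ''
if len(sys.argv) > 1:
    filter = ' '.join(sys.argv[1:])

main(filter)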