Packet Sniffing in Windows and Linux Using Python
In this article I am going to show how you can do packet sniffing in Windows and Linux.
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.
Accessing raw sockets in Windows is slightly different than on its Linux brethren, but we want to
have the flexibility to deploy the same sniffer to multiple platforms. We will create our socket object
and then determine which platform we are running on. Windows requires us to set some additional
flags through a socket input/output control (IOCTL), which enables promiscuous mode on the
network interface. In our first example, we simply set up our raw socket sniffer, read in a single
packet, and then quit.
    import socket
    import os

    # host to listen on
    host = "192.168.0.196"

    # create a raw socket and bind it to the public interface
    if os.name == "nt":
        socket_protocol = socket.IPPROTO_IP
    else:
        socket_protocol = socket.IPPROTO_ICMP

    sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
    sniffer.bind((host, 0))

    # we want the IP headers included in the capture
    sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

    # if we're using Windows, we need to send an IOCTL
    # to set up promiscuous mode
    if os.name == "nt":
        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

    # read in a single packet
    print(sniffer.recvfrom(65565))

    # if we're using Windows, turn off promiscuous mode
    if os.name == "nt":
        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
We start by constructing our socket object with the parameters necessary for sniffing packets on our
network interface. The difference between Windows and Linux is that Windows will allow us to
sniff all incoming packets regardless of protocol, whereas Linux forces us to specify that we are
sniffing ICMP. Note that we are using promiscuous mode, which requires administrative privileges on
Windows or root on Linux. Promiscuous mode allows us to sniff all packets that the network card
sees, even those not destined for your specific host. Next we set a socket option that includes the
IP headers in our captured packets. The next step is to determine if we are using Windows, and if
so, we perform the additional step of sending an IOCTL to the network card driver to enable
promiscuous mode. If you’re running Windows in a virtual machine, you will likely get a notification
that the guest operating system is enabling promiscuous mode; you, of course, will allow it. Now we
are ready to actually perform some sniffing, and in this case we are simply printing out the entire raw
packet with no packet decoding. This is just to test to make sure we have the core of our sniffing
code working. After a single packet is sniffed, we again test for Windows, and disable promiscuous
mode before exiting the script.
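The sniffer above prints the raw bytes with no decoding. As an added example (not part of the original article), the following Python 3 function decodes the IPv4 header that the capture includes and, for ICMP, the type and code. The function name decode_ipv4, the ICMP_TYPES table and the SAMPLE packet are assumptions made for illustration; SAMPLE is a constructed echo request with its IP checksum zeroed.

```python
import socket
import struct

# Small subset of ICMP types, enough to label common traffic.
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable",
              8: "echo-request", 11: "time-exceeded"}

# Constructed sample: 20-byte IPv4 header + 8-byte ICMP echo request,
# 192.168.0.10 -> 192.168.0.196 (IP checksum field left as zero).
SAMPLE = bytes.fromhex(
    "4500001c" "00010000" "40010000" "c0a8000a" "c0a800c4"
    "0800f7ff" "00000000")


def decode_ipv4(raw):
    """Decode the IPv4 header, plus ICMP type/code when present."""
    if len(raw) < 20:
        raise ValueError("truncated: IPv4 header needs at least 20 bytes")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version = ver_ihl >> 4
    header_len = (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4:
        raise ValueError("not IPv4 (version=%d)" % version)
    if header_len < 20 or header_len > len(raw):
        raise ValueError("bad header length %d" % header_len)
    info = {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "proto": proto,
        "header_len": header_len,
        "total_len": total_len,
    }
    # ICMP starts right after the IP header (options included).
    if proto == socket.IPPROTO_ICMP and len(raw) >= header_len + 2:
        icmp_type, icmp_code = struct.unpack(
            "!BB", raw[header_len:header_len + 2])
        info["icmp"] = ICMP_TYPES.get(icmp_type, "type-%d" % icmp_type)
        info["icmp_code"] = icmp_code
    return info


if __name__ == "__main__":
    # With the sniffer above: raw, addr = sniffer.recvfrom(65565)
    print(decode_ipv4(SAMPLE))
```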
For any clarifications, comment below.