We can supply command-line arguments for sniffing, for example, the network interface name and the TCP port number.
Listing 8.1 gives the code for sniffing packets on your network, as follows:
    #!/usr/bin/env python
    # Python Network Programming Cookbook, Second Edition -- Chapter - 8
    # This program is optimized for Python 2.7.12.
    # It may run on any other version with/without modifications.

    import argparse
    import pcap
    from construct.protocols.ipstack import ip_stack


    def print_packet(pktlen, data, timestamp):
        """ Callback for printing the packet payload"""
        if not data:
            return
        # Walk down the parsed layers (Ethernet, IP, TCP) to the application payload
        stack = ip_stack.parse(data)
        payload = stack.next.next.next
        print (payload)


    def main():
        # setup commandline arguments
        parser = argparse.ArgumentParser(description='Packet Sniffer')
        parser.add_argument('--iface', action="store", dest="iface", default='eth0')
        parser.add_argument('--port', action="store", dest="port", default=80, type=int)
        # parse arguments
        given_args = parser.parse_args()
        iface, port = given_args.iface, given_args.port
        # start sniffing: capture on iface and keep only packets sent to the given port
        pc = pcap.pcapObject()
        pc.open_live(iface, 1600, 0, 100)
        pc.setfilter('dst port %d' % port, 0, 0)

        print ('Press CTRL+C to end capture')
        try:
            while True:
                # hand one packet at a time to the callback
                pc.dispatch(1, print_packet)
        except KeyboardInterrupt:
            print ('Packet statistics: %d packets received, '
                   '%d packets dropped, %d packets '
                   'dropped by the interface' % pc.stats())


    if __name__ == '__main__':
        main()
If you run this script with the command-line arguments --iface=eth0 and --port=80, it will sniff all the HTTP packets from your web browser. Because the capture filter is dst port 80, these are the requests sent to the server, and since HTTP is unencrypted, their headers are readable as plain text. So, after running this script, if you access http://www.google.com in your browser, you can see raw packet output like the following:
    python 18_1_packet_sniffer.py --iface=eth0 --port=80
    Press CTRL+C to end capture
    ''
    0000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a GET / HTTP/1.1..
    0010 48 6f 73 74 3a 20 77 77 77 2e 67 6f 6f 67 6c 65 Host: www.google
    0020 2e 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e .com..Connection
    0030 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 41 63 : keep-alive..Ac
    0040 63 65 70 74 3a 20 74 65 78 74 2f 68 74 6d 6c 2c cept: text/html,
    0050 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d application/xhtm
    0060 6c 2b 78 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f l+xml,applicatio
    0070 6e 2f 78 6d 6c 3b 71 3d 30 2e 39 2c 2a 2f 2a 3b n/xml;q=0.9,*/*;
    0080 71 3d 30 2e 38 0d 0a 55 73 65 72 2d 41 67 65 6e q=0.8..User-Agen
    0090 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 t: Mozilla/5.0 (
    00A0 58 31 31 3b 20 4c 69 6e 75 78 20 69 36 38 36 29 X11; Linux i686)
    00B0 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37  AppleWebKit/537
    00C0 2e 33 31 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 .31 (KHTML, like
    00D0 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 32  Gecko) Chrome/2
    00E0 36 2e 30 2e 31 34 31 30 2e 34 33 20 53 61 66 61 6.0.1410.43 Safa
    00F0 72 69 2f 35 33 37 2e 33 31 0d 0a 58 2d 43 68 72 ri/537.31..X-Chr
    0100 6f 6d 65 2d 56 61 72 69 61 74 69 6f 6e 73 3a 20 ome-Variations: 
    0110 43 50 71 31 79 51 45 49 6b 62 62 4a 41 51 69 59 CPq1yQEIkbbJAQiY
    0120 74 73 6b 42 43 4b 4f 32 79 51 45 49 70 37 62 4a tskBCKO2yQEIp7bJ
    0130 41 51 69 70 74 73 6b 42 43 4c 65 32 79 51 45 49 AQiptskBCLe2yQEI
    0140 2b 6f 50 4b 41 51 3d 3d 0d 0a 44 4e 54 3a 20 31 +oPKAQ==..DNT: 1
    0150 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e ..Accept-Encodin
    0160 67 3a 20 67 7a 69 70 2c 64 65 66 6c 61 74 65 2c g: gzip,deflate,
    0170 73 64 63 68 0d 0a 41 63 63 65 70 74 2d 4c 61 6e sdch..Accept-Lan
    0180 67 75 61 67 65 3a 20 65 6e 2d 47 42 2c 65 6e 2d guage: en-GB,en-
    0190 55 53 3b 71 3d 30 2e 38 2c 65 6e 3b 71 3d 30 2e US;q=0.8,en;q=0.
    01A0 36 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73 65 6..Accept-Charse
    01B0 74 3a 20 49 53 4f 2d 38 38 35 39 2d 31 2c 75 74 t: ISO-8859-1,ut
    01C0 66 2d 38 3b 71 3d 30 2e 37 2c 2a 3b 71 3d 30 2e f-8;q=0.7,*;q=0.
    01D0 33 0d 0a 43 6f 6f 6b 69 65 3a 20 50 52 45 46 3d 3..Cookie: PREF=
    ....
    ^CPacket statistics: 17 packets received, 0 packets dropped, 0 packets dropped by the interface
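The listing reaches the HTTP data through stack.next.next.next. The following added example (not from the book; Python 3, standard library only) does the same Ethernet, IPv4, TCP walk by hand with bounds checks, then reports which sensitive headers, such as the Cookie header in the output above, cross the wire in cleartext. The function names, the SENSITIVE list, and the sample frame are assumptions constructed for illustration.

```python
import struct

SENSITIVE = (b"cookie", b"authorization")  # header names to flag (assumed list)

def tcp_payload(frame):
    """Return (dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                       # too short, or EtherType is not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IP header length; options make it > 20
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None                       # not IPv4, bad header length, or not TCP
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]               # slicing by total length drops Ethernet padding
    if len(tcp) < 20:
        return None
    dst_port = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4         # TCP header length; options make it > 20
    if data_off < 20 or data_off > len(tcp):
        return None
    return dst_port, tcp[data_off:]

def cleartext_secrets(payload):
    """Return names of sensitive headers present in a cleartext HTTP request."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    found = []
    for line in lines[1:]:                # lines[0] is the request line
        name, sep, _value = line.partition(b":")
        if sep and name.strip().lower() in SENSITIVE:
            found.append(name.strip().decode("ascii", "replace"))
    return found

def build_sample_frame(payload, dst_port=80):
    """Constructed test frame: zero MACs, zero checksums, documentation IPs."""
    eth = bytes(12) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 49152, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

# Constructed sample request (not captured traffic).
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Cookie: PREF=constructed\r\n\r\n")

if __name__ == "__main__":
    port, data = tcp_payload(build_sample_frame(SAMPLE_REQUEST))
    print(port, cleartext_secrets(data))
```

Only header names are reported, never their values, so the result can be logged as evidence that a service still accepts session data over plain HTTP.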