16. Uses the libpcap library behind the scenes to capture packets off the network
17. Libpcap -> Is the most basic library and most widely used for packet capturing. Almost every network security tool which requires packet capturing is based on libpcap
18.
19. Pylibcap - Python module for the libpcap packet capture library, based on the original python libpcap module by Aaron Rhodes, hosted on SF, latest stable rel 0.6.2
48. Optionally the dispatch method can be used to pass the packet to a call-back function. The callback function accepts the time-stamp, pkt and any other arguments.
49. The loop method works similarly, but in an infinite loop.
50. Examples Import pcap pc = pcap.pcap('wlan0') pc.setfilter('icmp') def process(ts, pkt, *args): """ Process packets """ print ts, pkt if __name__ == "__main__": try: pc.loop(process) except Exception: pc.stats()
59. Using dpkt with pypcap A simple example which prints details of IP traffic in the network. import pcap, dpkt, socket pc = pcap.pcap('wlan0') count =0 def process(ts, pkt, *args): eth = dpkt.ethernet.Ethernet(pkt) ip = eth.data if ip.__class__==dpkt.ip.IP: global count count += 1
72. A slow port-scanner from scapy import * def scan(ip,start=80,end=443): open_ports = [] ip=IP(dst=ip)/TCP(dport=range(start,end+1), flags='S') results=sr(ip,verbose=0,timeout=30) for res in results[0]: if res[1]==None: continue if res[1].payload.flags==18: print 'Port %d is open' % res[0].dport open_ports.append(res[0].dport) return open_ports if __name__ == "__main__": print scan('random.org')