Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Raw Socket Sniffer
import socket
from struct import *
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
while True:
pack = s.recvfrom(20000)
#Get the single element from the tuple
packet = pack[0]
#Extract the first 20 bytes
data = packet[0:20]
# Now we have to unpack each element from this raw data
ip_header_data = unpack('!BBHHHBBH4s4s', data)
#To the the ip version we have to shift
#the first element 4 bits right. Because in the first element
#is stored the ip version and the header lenght in this way
#first four bits are ip version and the last 4 bites are
#the header lenght
ip_version = ip_header_data[0] >> 4
#Now to get the header lenght we use "and" operation to make the
#Ip versional bits equal to zero, in order to the the desired data
IHL = ip_header_data[0] & 0x0F
#Diferentiated services doesn't need any magic opperations,
#so we jus grab it from the tuple
diff_services = ip_header_data[1]
#Total lenght is also easy to extract
total_length = ip_header_data[2]
#The same goes for identification
id_ = ip_header_data[3]
#The "Flags" and Fragment Offset are situated in a sinle
#element from the forth element of the tuple.
#Flag is 3 bits (Most significant), so we make "and" with 1110 0000 0000 0000(=0xE000)
#to leave 3 most significant bits and then shift them right 13 positions
flags = ip_header_data[4] & 0xE000 >> 13
#The next elements are easy to get
TTL = ip_header_data[5]
protocol = ip_header_data[6]
checksum = ip_header_data[7]
source = ip_header_data[8]
destinat = ip_header_data[9]
#and the rest data from the "packet" variable is the payload so we
#extract it also
payload = packet[20:]
print "___________NEW_PACKET__________________________"
print "Version: %s \n\rHeader lenght: %s" %(ip_version,IHL)
print "Diferentiated services: %s \n\rID: %s" %(diff_services, id_)
print "Flags: %s \n\rTTL: %s \n\rProtocol: %s" %(flags,TTL,protocol)
print "Checksum: %s \n\rSource: %s \n\rDestination: %s" %(checksum, socket.inet_ntoa(source),socket.inet_ntoa(destinat))
print "Payload: %s" %(payload)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment