Public Interface Sniffing

Post by filipbekic01 » Fri Aug 12, 2016 6:29 pm

Hello everybody,

I have trouble with my sniffer. I'll be short and I'll try to explain this in the best possible way. Here is my code (mostly copy-paste from the Python doc, but it's not clear to me):

Code:
import socket
import sys

# the public network interface
HOST = socket.gethostbyname(socket.gethostname())

# create a raw socket and bind it to the public interface
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
s.bind((HOST, 0))

# receive all packages
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

# receive a package
while True:
    try:
        data = s.recvfrom(65565)
        print(data)
    except socket.timeout:
        data = ''
        print('An error happened')
        # exit program
        sys.exit(1)
The problem is, on my computer (Windows 10), I can see only UDP packets, whereas on my friend's PC (Windows 7/8) we can see UDP and TCP too. I tested the program on one more PC which runs Windows 10, and that one got only UDP too.

Why am I not seeing TCP packets at all?

Also, can somebody explain to me how come the entire Ethernet frame is 1518 bytes, whereas the IP packet (which is inside the Ethernet frame) is 65565 bytes? I'm 100% sure I do not understand this, and it's probably a noobish question, but I just can't find an answer on Google.

Last edited by micseydel on Fri Aug 12, 2016 6:40 pm, edited 1 time in total.
Reason: Initial post lock.
Posts: 1
Joined: Fri Aug 12, 2016 6:22 pm

Re: Public Interface Sniffing

Post by jamesgherrera » Sat Aug 20, 2016 10:19 am

Packet sniffers work by intercepting and logging network traffic that they can 'see' via the wired or wireless network interface that the packet sniffing software has access to on its host computer. On a wired network, what can be captured depends on the structure of the network. A packet sniffer might be able to see traffic on an entire network or only a certain segment of it, depending on how the network switches are configured, placed, etc. On wireless networks, packet sniffers can usually only capture one channel at a time unless the host computer has multiple wireless interfaces that allow for multichannel capture.
Last edited by ichabod801 on Sat Aug 20, 2016 11:59 am, edited 1 time in total.
Reason: First post lock
Posts: 1
Joined: Sat Aug 20, 2016 10:14 am

Re: Public Interface Sniffing

Post by wavic » Sat Aug 20, 2016 8:00 pm

With socket.bind(host, port) you bind the socket to an address when you create a server. Usually. In order to sniff the traffic the client has to connect to your server. What your sniffer prints are broadcast packets, probes and so on. That is how I see it. I've used the socket module just once. And I am not close with all network protocols and layers. I am not a "cable guy" :roll:
However, to receive all UDP packets you need this.
Code:
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
Posts: 165
Joined: Wed May 25, 2016 8:51 pm
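
Added example (not part of the original thread, and not any poster's code): a raw AF_INET sniffing socket hands back whole IPv4 datagrams, so decoding the header shows which protocol each packet carries and how the 16-bit total-length and fragment fields relate a large IP datagram to 1500-byte Ethernet payloads. The function names, the 192.0.2.x addresses and the sample packets are constructed for illustration.

```python
import socket
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_ipv4_header(packet):
    """Decode the fixed 20-byte IPv4 header at the start of a raw packet."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "protocol": PROTO_NAMES.get(proto, str(proto)),
        "total_len": total_len,                    # 16-bit field: at most 65535
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }

def build_sample(proto, payload_len, more_fragments=False, frag_offset=0):
    """Constructed test packet: IPv4 header (checksum left 0) plus zero payload."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                         flags_frag, 64, proto, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return header + bytes(payload_len)

def summarize(packets):
    """Count packets per protocol, as a sniffer loop would for each recvfrom()."""
    counts = {}
    for pkt in packets:
        name = parse_ipv4_header(pkt)["protocol"]
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed samples: one TCP segment, then one UDP datagram sent as two fragments.
SAMPLES = [
    build_sample(6, 40),
    build_sample(17, 1480, more_fragments=True),  # 20 + 1480 = 1500-byte fragment
    build_sample(17, 520, frag_offset=1480),      # remainder of the same datagram
]

if __name__ == "__main__":
    print([parse_ipv4_header(p) for p in SAMPLES], summarize(SAMPLES))
```

In a live capture loop, the first element of the tuple returned by `recvfrom()` is what would be passed to `parse_ipv4_header()`.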
