sniff_scapy

Submitted by Melih on Jan 30, 2017 at 19:44
Language: Python. Code size: 3.0 kB.

from scapy.all import *
import pygeoip  # to locate the IP addresses
from IPy import IP as IPLIB  # to know the private IP addresses
# Keep this star-import after scapy's: both export overlapping names and the
# script was written with the socket module's names taking precedence.
from socket import *
import socket  # explicit socket.error / socket.herror for narrow except clauses
import sys  # report non-fatal log-write errors on stderr
import time  # to save the file with the current date

# Source/destination pairs already reported by startMonitoring.  Entries are
# never removed, so this grows with the number of distinct pairs seen.
conversations = dict()
# Destination addresses whose packets startMonitoring skips entirely.
exclude_ips = ["10.0.0.18", "127.0.0.1"]

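def saveToFile(traceInfo):
    """Append one trace entry to today's log file (best effort).

    The log is 'network_monitor_log_<dd_mm_YYYY>.txt' in the current working
    directory.  Each entry is written as the text, a CRLF, a dotted separator
    line and another CRLF.

    Args:
        traceInfo: the trace line to record.  Because the separator is CRLF
            and the line contains reverse-DNS names (attacker-influenced),
            any CR/LF inside it is escaped so a hostile name cannot forge
            extra log entries.

    I/O errors are reported on stderr and otherwise ignored: a logging
    failure must not stop packet processing, but it should not be silent
    either (the original swallowed every exception and could leak the
    handle on a failed write).
    """
    filename = 'network_monitor_log_' + time.strftime("%d_%m_%Y") + '.txt'
    # Neutralise line breaks so one call always produces exactly one entry.
    safeTrace = traceInfo.replace('\r', '\\r').replace('\n', '\\n')
    try:
        # 'with' closes the handle even if one of the writes fails.
        with open(filename, 'a') as fileLog:
            fileLog.write(safeTrace)
            fileLog.write('\r\n')
            fileLog.write('...................................')
            fileLog.write('\r\n')
    except (IOError, OSError) as ex:
        sys.stderr.write("Could not write %s: %s\n" % (filename, ex))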

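def getInfo(ipAddress):
    """Describe an IP address for the trace line.

    Args:
        ipAddress: dotted-quad address taken from a sniffed packet.

    Returns:
        'private IP, Host Name: <name>' for RFC1918 addresses (per IPy),
        'Country: <country>, Host: <name>' when the local GeoIP.dat knows
        the address, or "Can't locate <ip> Host:<name>" when the GeoIP
        lookup fails.  <name> is the reverse-DNS name or "" if none.

    Security notes:
      * The reverse lookup sends a PTR query for every address seen on the
        wire.  It blocks the sniff callback (packets can be dropped while
        waiting) and reveals the monitor to whoever serves that reverse
        zone.
      * The returned name is attacker-controlled; it is reduced to printable
        ASCII before it reaches the terminal or the log file.
      * GeoIP.dat is opened relative to the working directory on every call;
        run from a directory the sniffer's (privileged) user controls.

    The original never returned the country string (the return was
    commented out), so public addresses were reported as "None".
    """
    try:
        hostName = socket.gethostbyaddr(ipAddress)[0]
    except (socket.herror, socket.gaierror, socket.error):
        # no PTR record, resolver timeout, ...: proceed without a name
        hostName = ""
    # Drop control characters / non-ASCII so a hostile PTR record cannot
    # inject terminal escape sequences or fake log lines.
    hostName = ''.join(c if 32 <= ord(c) < 127 else '?' for c in hostName)

    ip = IPLIB(ipAddress)
    if ip.iptype() == 'PRIVATE':
        return 'private IP, Host Name: ' + hostName

    try:
        geoip = pygeoip.GeoIP('GeoIP.dat')
        ipRecord = geoip.record_by_addr(ipAddress)
        country = ipRecord['country_name']
    except Exception:
        # pygeoip raises on a missing/corrupt DB; record_by_addr may return
        # None for unknown addresses, which makes the subscript fail.
        return "Can't locate " + ipAddress + " Host:" + hostName
    return 'Country: %s, Host: %s' % (country, hostName)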

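def printPacket(sourceIP, destionationIP):
    """Print one trace line for a source/destination pair and append it to the log.

    Args:
        sourceIP: dotted-quad source address.
        destionationIP: dotted-quad destination address.  The misspelled
            parameter name is kept so existing keyword callers still work.

    The original body referenced an undefined name (`destinationIP`), so
    every call raised NameError and nothing was ever printed or logged.
    """
    destinationIP = destionationIP
    traceInfo = '[+] Source (%s): %s --> Destination (%s): %s ' % (
        sourceIP, getInfo(sourceIP), destinationIP, getInfo(destinationIP))
    print(traceInfo)
    saveToFile(traceInfo)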

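def startMonitoring(pkt):
    """sniff() callback: report each new (source, destination) IP pair once.

    Args:
        pkt: a scapy packet.  Packets without an IP layer, and packets whose
            destination is listed in exclude_ips, are ignored.  (Only the
            destination is checked; traffic *from* an excluded address is
            still reported.)

    Side effects: records the pair in the module-level `conversations`
    dict, which is never pruned, so memory grows with the number of distinct
    pairs for the life of the process.  Any exception is printed and
    swallowed so one bad packet cannot stop the sniffer.

    Fixes relative to the original: the key is now a tuple (string
    concatenation was ambiguous, e.g. '1.2.3.45'+'6.7.8.9' ==
    '1.2.3.4'+'56.7.8.9', so distinct pairs could be dropped as duplicates),
    and the destination variable was misspelled, which raised NameError on
    every packet.
    """
    try:
        if not pkt.haslayer(IP):
            return
        ipLayer = pkt.getlayer(IP)
        sourceIP = ipLayer.src
        destinationIP = ipLayer.dst

        if destinationIP in exclude_ips:
            return

        uniqueKey = (sourceIP, destinationIP)
        if uniqueKey in conversations:
            return
        # Mark the pair first so a failure in printPacket does not retry it
        # on every following packet (same order as the original).
        conversations[uniqueKey] = 1
        printPacket(sourceIP, destinationIP)
    except Exception as ex:
        print("Exception:" + str(ex))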

def main():
    """Capture IP packets until interrupted, handing each to startMonitoring.

    The BPF filter "ip" limits capture to IPv4; store=0 tells scapy not to
    keep captured packets in memory (the callback does all the work).
    Capturing needs raw-socket privileges (root / CAP_NET_RAW), so the
    reverse-DNS lookups and log-file writes done by the callback run with
    those privileges too.
    """
    sniffOptions = {'prn': startMonitoring, 'store': 0, 'filter': "ip"}
    sniff(**sniffOptions)

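# '=' instead of '==' here was a SyntaxError: the script could never start.
if __name__ == '__main__':
    main()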
