In [1]:
from scapy.all import * # this makes me cringe
WARNING: No route found for IPv6 destination :: (no default route?)
WARNING:scapy.runtime:No route found for IPv6 destination :: (no default route?)
In [2]:
# Capture ten packets on en0 that match the BPF expression below.
# With no timeout given, sniff() blocks until `count` matching packets
# have been seen. Opening the interface for capture normally needs
# elevated privileges (root or access to the capture device).
a = sniff(
    count=10,
    filter="tcp and port 80",  # BPF: TCP with source or destination port 80 (cleartext HTTP)
    iface="en0",
)
In [3]:
# Echo the capture object; its repr is a per-protocol packet count.
a
Out[3]:
<Sniffed: TCP:10 UDP:0 ICMP:0 Other:0>
In [4]:
# .res is the underlying list, one entry per captured packet.
# The repr prints every header field, including the MAC and IP addresses
# seen on the wire, so trim or redact this output before sharing the notebook.
a.res
Out[4]:
[<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=650 flags=DF frag=0L ttl=64 proto=tcp chksum=0x9f88 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53491 dport=http seq=3474155615 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xecd6 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=41196 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb59a src=10.25.3.61 dst=50.31.164.188 options=[] |<TCP sport=53492 dport=http seq=3315328916 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x2b8d urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=40761 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb74d src=10.25.3.61 dst=50.31.164.188 options=[] |<TCP sport=53493 dport=http seq=700164627 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x4ee urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=26980 flags=DF frag=0L ttl=64 proto=tcp chksum=0x38ae src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53494 dport=http seq=2552994569 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xf110 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=48861 flags=DF frag=0L ttl=64 proto=tcp chksum=0xe334 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53495 dport=http seq=1279463156 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xc90d urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=14036 flags=DF frag=0L ttl=64 proto=tcp chksum=0x6b3e src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53496 dport=http seq=2445014061 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x9e5a urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=60321 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb670 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53497 dport=http seq=405324467 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x4967 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=34902 flags=DF frag=0L ttl=64 proto=tcp chksum=0x19bc src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53498 dport=http seq=3477655716 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x8454 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=31060 flags=DF frag=0L ttl=64 proto=tcp chksum=0xd487 src=10.25.3.61 dst=192.33.31.101 options=[] |<TCP sport=53499 dport=http seq=3025988404 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x3030 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433689, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=33529 flags=DF frag=0L ttl=64 proto=tcp chksum=0xcae2 src=10.25.3.61 dst=192.33.31.101 options=[] |<TCP sport=53500 dport=http seq=1607594496 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x7dee urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433689, 0)), ('SAckOK', ''), ('EOL', None)] |>>>]
In [5]:
# First captured packet, shown as nested Ether / IP / TCP layers.
a.res[0]
Out[5]:
<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=650 flags=DF frag=0L ttl=64 proto=tcp chksum=0x9f88 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53491 dport=http seq=3474155615 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xecd6 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>
In [6]:
# show() prints the same packet one field per line, grouped by layer,
# which is easier to read than the single-line repr.
a.res[0].show()
###[ Ethernet ]###
dst = 00:1d:70:df:2d:11
src = 14:10:9f:e1:54:9b
type = 0x800
###[ IP ]###
version = 4L
ihl = 5L
tos = 0x0
len = 64
id = 650
flags = DF
frag = 0L
ttl = 64
proto = tcp
chksum = 0x9f88
src = 10.25.3.61
dst = 184.73.211.6
\options \
###[ TCP ]###
sport = 53491
dport = http
seq = 3474155615
ack = 0
dataofs = 11L
reserved = 0L
flags = S
window = 65535
chksum = 0xecd6
urgptr = 0
options = [('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)]
Content source: econchick/spy