Wednesday, June 24, 2015

Not So Quick and Dirty Python Raw Packet Sniffer

Ok, before I start this post, I have to give credit where credit is due...

The majority of this code (and where I learned to do it) came from the Cybrary.it Python for Security Professionals course by Joe Perry. Also, BIG thanks to Natron for reminding me of the .split() function of strings. Man, that one took a couple hours. :-(

However, some of it was tweaked by me, and I added a little more functionality to it than it had before, and frankly, I'm proud that I was able to follow through on this.

I'm not a coder, you see, and I don't even play one on TV. Yet. (**Note to self, see if Scorpion needs a new fat guy...)

Anyway, before I digress any further, let me share my version of the Not So Quick and Dirty Raw Socket Packet Sniffer, or the NSQDRSPS. I think that needs a new acronym. Ahem.

You'll see (if you went through the course) that I added the ICMP breakdown, and the hex coding of the data after the headers, so you can see what you're looking at. It may not be the prettiest, or the most eloquent (I might work on that later, this is Python after all), but it functions pretty well.

Note: You have to run this on an OS that can use raw sockets (read: NOT Windows).
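The ICMP breakdown and the hex view of the data after the headers, as an added example: this is not the code from the linked repository or from the course. The function names (`parse_frame`, `inet_checksum`, `sample_frame`) and the sample frame are constructed for illustration, and the frame is parsed from bytes so it runs anywhere. On Linux, a live sniffer would read the same bytes from a `socket.AF_PACKET` / `socket.SOCK_RAW` socket, which needs root.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frame(frame: bytes) -> dict:
    """Break one Ethernet II frame into Ethernet, IPv4 and ICMP fields."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": ethertype}  # 3.8+
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20:
        return out                      # not IPv4, or truncated: Ethernet fields only
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length is stored in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    out.update(ttl=ttl, proto=proto, ip_src=socket.inet_ntoa(s), ip_dst=socket.inet_ntoa(d))
    # Ethernet pads short frames, so cut at total_len, never past the captured bytes.
    body = ip[ihl:min(total_len, len(ip))]
    if proto == 1 and len(body) >= 8:   # ICMP
        typ, code, csum, ident, seq = struct.unpack("!BBHHH", body[:8])
        out.update(icmp_type=typ, icmp_code=code, icmp_checksum=csum,
                   checksum_ok=inet_checksum(body) == 0,
                   data_hex=body[8:].hex(" "))
        if typ in (0, 8):               # id/seq exist only in echo reply/request
            out.update(icmp_id=ident, icmp_seq=seq)
    return out

def sample_frame() -> bytes:
    """Constructed echo request, 192.0.2.1 -> 192.0.2.2 (IP header checksum left 0)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"abcdefgh"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
    return bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800) + ip + icmp

if __name__ == "__main__":
    print(parse_frame(sample_frame()))
```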

Find the code here: https://github.com/Bl0ckbuster/Repo/blob/master/Aaron_Sniffer.py

Enjoy everyone, and if you run it, please let me know what you think. Changes? Requests? Etc? I'd love to hear from you.

Aaron