Python-scapy Study Notes-(1), pythonscapy

Python-scapy Study Notes-(1), pythonscapy

Main function: sniff

Sniff (filter = "", iface = "any", prn = function, count = N)

The filter parameter allows us to specify a BPF (Wireshark type) filter for Scapy sniffing data packets, or leave it blank to sniff all data packets.

For example, sniffing all HTTP data packets and tcp port 80 BPF Filtering

The iface parameter sets the NIC to be sniffed by the sniffer. If it is left blank, all NICs are sniffed.

Example: wlan0

The prn parameter specifies the callback function called when packets that meet the filter conditions are sniffed. This callback function uses the received data packet object as the unique parameter.

For example:

Def pack_callback (packet ):
Print packet. show ()

Sniff (prn = pack_callback, iface = "wlan0", count = 1)

The count parameter specifies the number of data packets to be sniffed. If left blank, the default value is unlimited.

 

Add the source code of the sniffer mail.

 

#coding:utf-8
from scapy.all import *
def pack_callback(packet):
    print packet.show()
    if packet[TCP].payload:
        mail_packet=str(packet[TCP].payload)
        if "user" in mail_packet.lower() or "pass" in mail_packet.lower():
            print "Server:%s"%packet[IP].dst
            print "%s"%packet[TCP].payload

sniff(filter="tcp port 110 or tcp port 25 or tcp port 143",prn=pack_callback,iface="wlan0",count=0)