Scapy Study Notes (4) Simple sniffing


When reprinting, please credit: @small Wuyi: http://www.cnblogs/xiaowuyi

The sniff command provides simple packet capture. When no interface is specified, sniff listens on every interface; when an interface is given with iface, only that interface is sniffed.

For example:

>>> sniff(filter=,count=)

 

Result:

<Sniffed: TCP: 0 UDP: 0 ICMP: 0 Other: 0>

For example, to sniff on the ppp0 interface and print a one-line summary of each packet:

>>> sniff(iface="ppp0",prn=lambda x:x.summary())

 

Opening Baidu in a browser while the sniffer is running gives the following result:

IP/UDP 27.214.219.76: 53144> 122.225.83.67: http/Raw
IP/UDP/DNS Qry "suggestion.baidu.com ."
IP/UDP/DNS Qry "suggestion.baidu.com ."
IP/UDP/DNS Ans "suggestion.a.shifen.com ."
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http S
IP/UDP/DNS Ans "suggestion.a.shifen.com ."
IP/ICMP/IPerror/UDPerror/DNS Ans "suggestion.a.shifen.com ."
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968 SA
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http PA/Raw
IP/UDP 122.225.83.67: http> 27.214.219.76: 53144/Raw
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968 PA/Raw
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968 PA/Raw
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http PA/Raw
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968 PA/Raw
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968 PA/Raw
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http S
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 SA
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http PA/Raw
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 PA/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 A/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 61.135.169.125: http> 27.214.219.76: 45639 PA/Raw
IP/TCP 27.214.219.76: 45639> 61.135.169.125: http
IP/TCP 27.214.219.76: 55193> 60.55.35.47: http S
IP/UDP/DNS Qry "t11.baidu.com ."
IP/UDP/DNS Qry "t12.baidu.com ."
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http S
IP/UDP/DNS Ans "image.jomodns.com ."
IP/TCP 27.214.219.76: 49797> 119.188.9.119: http S
IP/TCP 27.214.219.76: 49798> 119.188.9.119: http S
IP/TCP 27.214.219.76: 49799> 119.188.9.119: http S
IP/UDP/DNS Ans "image.jomodns.com ."
IP/TCP 27.214.219.76: 39103> 119.188.9.118: http S
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 SA
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.119: http> 27.214.219.76: 49797 SA
IP/TCP 27.214.219.76: 49797> 119.188.9.119: http
IP/TCP 119.188.9.119: http> 27.214.219.76: 49798 SA
IP/TCP 27.214.219.76: 49798> 119.188.9.119: http
IP/TCP 119.188.9.119: http> 27.214.219.76: 49799 SA
IP/TCP 27.214.219.76: 49799> 119.188.9.119: http
IP/TCP 60.55.35.47: http> 27.214.219.76: 55193 SA
IP/TCP 27.214.219.76: 55193> 60.55.35.47: http
IP/TCP 27.214.219.76: 55193> 60.55.35.47: http PA/Raw
IP/TCP 119.188.9.118: http> 27.214.219.76: 39103 SA
IP/TCP 27.214.219.76: 39103> 119.188.9.118: http
IP/TCP 60.55.35.47: http> 27.214.219.76: 55193
IP/TCP 60.55.35.47: http> 27.214.219.76: 55193 PA/Raw
IP/TCP 27.214.219.76: 55193> 60.55.35.47: http
IP/TCP 27.214.219.76: 55193> 60.55.35.47: http PA/Raw
IP/TCP 27.214.219.76: 49797> 119.188.9.119: http PA/Raw
IP/TCP 27.214.219.76: 49798> 119.188.9.119: http PA/Raw
IP/TCP 27.214.219.76: 49799> 119.188.9.119: http PA/Raw
IP/TCP 27.214.219.76: 39103> 119.188.9.118: http PA/Raw
IP/TCP 27.214.219.76: 38864> 61.135.169.105: http S
IP/UDP/DNS Qry "a.baidu.com ."
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http PA/Raw
IP/TCP 27.214.219.76: 59062> 119.188.9.40: http S
IP/TCP 27.214.219.76: 59063> 119.188.9.40: http S
IP/TCP 119.188.9.119: http> 27.214.219.76: 49797
IP/TCP 119.188.9.119: http> 27.214.219.76: 49797 PA/Raw
IP/TCP 27.214.219.76: 49797> 119.188.9.119: http
IP/TCP 27.214.219.76: 38867> 61.135.169.105: http S
IP/TCP 119.188.9.119: http> 27.214.219.76: 49798
IP/TCP 119.188.9.119: http> 27.214.219.76: 49798 PA/Raw
IP/TCP 27.214.219.76: 49798> 119.188.9.119: http
IP/TCP 119.188.9.119: http> 27.214.219.76: 49799
IP/TCP 119.188.9.119: http> 27.214.219.76: 49799 PA/Raw
IP/TCP 27.214.219.76: 49799> 119.188.9.119: http
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http PA/Raw
IP/TCP 27.214.219.76: 50355> 61.135.185.194: http S
IP/UDP/DNS Qry "api.share.baidu.com ."
IP/TCP 119.188.9.118: http> 27.214.219.76: 39103
IP/TCP 119.188.9.118: http> 27.214.219.76: 39103 PA/Raw
IP/TCP 27.214.219.76: 39103> 119.188.9.118: http
IP/UDP/DNS Ans "asp.e.shifen.com ."
IP/TCP 60.55.35.47: http> 27.214.219.76: 55193 PA/Raw
IP/TCP 27.214.219.76: 53605> 123.125.114.38: http S
IP/TCP 27.214.219.76: 53606> 123.125.114.38: http S
IP/TCP 27.214.219.76: 55193> 60.55.35.47: http FA
IP/TCP 61.135.169.105: http> 27.214.219.76: 38864 SA
IP/TCP 27.214.219.76: 38864> 61.135.169.105: http
IP/TCP 27.214.219.76: 38864> 61.135.169.105: http PA/Raw
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 PA/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http PA/Raw
IP/TCP 119.188.9.40: http> 27.214.219.76: 59062 SA
IP/TCP 27.214.219.76: 59062> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59063 SA
IP/TCP 27.214.219.76: 59063> 119.188.9.40: http
IP/TCP 61.135.169.105: http> 27.214.219.76: 38867 SA
IP/TCP 27.214.219.76: 38867> 61.135.169.105: http
IP/UDP/DNS Ans "api.share.n.shifen.com ."
IP/TCP 27.214.219.76: 47655> 61.135.162.115: http S
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968 PA/Raw
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http
IP/TCP 123.125.114.101: http> 27.214.219.76: 37968 PA/Raw
IP/TCP 27.214.219.76: 37968> 123.125.114.101: http
IP/TCP 61.135.185.194: http> 27.214.219.76: 50355 SA
IP/TCP 27.214.219.76: 50355> 61.135.185.194: http
IP/TCP 27.214.219.76: 50355> 61.135.185.194: http PA/Raw
IP/TCP 123.125.114.38: http> 27.214.219.76: 53605 SA
IP/TCP 27.214.219.76: 53605> 123.125.114.38: http
IP/TCP 27.214.219.76: 53605> 123.125.114.38: http PA/Raw
IP/TCP 123.125.114.38: http> 27.214.219.76: 53606 SA
IP/TCP 27.214.219.76: 53606> 123.125.114.38: http
IP/TCP 61.135.169.105: http> 27.214.219.76: 38864
IP/TCP 61.135.169.105: http> 27.214.219.76: 38864 PA/Raw
IP/TCP 27.214.219.76: 38864> 61.135.169.105: http
IP/TCP 61.135.169.105: http> 27.214.219.76: 38864 PA/Raw
IP/TCP 27.214.219.76: 38864> 61.135.169.105: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 PA/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 61.135.162.115: http> 27.214.219.76: 47655 SA
IP/TCP 27.214.219.76: 47655> 61.135.162.115: http
IP/TCP 27.214.219.76: 47655> 61.135.162.115: http PA/Raw
IP/TCP 60.55.35.47: http> 27.214.219.76: 55193 FA
IP/TCP 27.214.219.76: 55193> 60.55.35.47: http
IP/TCP 61.135.185.194: http> 27.214.219.76: 50355
IP/TCP 61.135.185.194: http> 27.214.219.76: 50355 PA/Raw
IP/TCP 27.214.219.76: 50355> 61.135.185.194: http
IP/TCP 123.125.114.38: http> 27.214.219.76: 53605
IP/TCP 123.125.114.38: http> 27.214.219.76: 53605 PA/Raw
IP/TCP 27.214.219.76: 53605> 123.125.114.38: http
IP/TCP 61.135.162.115: http> 27.214.219.76: 47655
IP/TCP 61.135.162.115: http> 27.214.219.76: 47655 PA/Raw
IP/TCP 27.214.219.76: 47655> 61.135.162.115: http
IP/UDP/DNS Qry "sclick.baidu.com ."
IP/UDP/DNS Qry "c.baidu.com ."
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http PA/Raw
IP/UDP/DNS Ans "s.a.shifen.com ."
IP/TCP 27.214.219.76: 47154> 123.125.115.95: http S
IP/UDP/DNS Ans "c.e.shifen.com ."
IP/TCP 27.214.219.76: 56976> 123.125.114.64: http S
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 A/Raw
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 PA/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
IP/TCP 27.214.219.76: 56977> 123.125.114.64: http S
IP/TCP 27.214.219.76: 47157> 123.125.115.95: http S
IP/TCP 123.125.115.95: http> 27.214.219.76: 47154 SA
IP/TCP 27.214.219.76: 47154> 123.125.115.95: http
IP/TCP 27.214.219.76: 47154> 123.125.115.95: http PA/Raw
IP/TCP 123.125.114.64: http> 27.214.219.76: 56976 SA
IP/TCP 27.214.219.76: 56976> 123.125.114.64: http
IP/TCP 27.214.219.76: 56976> 123.125.114.64: http PA/Raw
IP/TCP 123.125.114.64: http> 27.214.219.76: 56977 SA
IP/TCP 27.214.219.76: 56977> 123.125.114.64: http
IP/TCP 123.125.115.95: http> 27.214.219.76: 47157 SA
IP/TCP 27.214.219.76: 47157> 123.125.115.95: http
IP/TCP 123.125.115.95: http> 27.214.219.76: 47154
IP/TCP 123.125.115.95: http> 27.214.219.76: 47154 PA/Raw
IP/TCP 27.214.219.76: 47154> 123.125.115.95: http
IP/TCP 123.125.115.95: http> 27.214.219.76: 47154 FA
IP/TCP 27.214.219.76: 47154> 123.125.115.95: http FA
IP/TCP 123.125.114.64: http> 27.214.219.76: 56976
IP/TCP 123.125.114.64: http> 27.214.219.76: 56976 PA/Raw
IP/TCP 27.214.219.76: 56976> 123.125.114.64: http
IP/TCP 123.125.114.64: http> 27.214.219.76: 56976 FA
IP/TCP 27.214.219.76: 56976> 123.125.114.64: http FA
IP/UDP/DNS Qry "trust.baidu.com ."
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http PA/Raw
IP/TCP 123.125.115.95: http> 27.214.219.76: 47154
IP/UDP/DNS Ans "trust.e.shifen.com ."
IP/TCP 123.125.114.64: http> 27.214.219.76: 56976
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056
IP/TCP 119.188.9.40: http> 27.214.219.76: 59056 PA/Raw
IP/TCP 27.214.219.76: 59056> 119.188.9.40: http
^C<Sniffed: TCP: 208 UDP: 20 ICMP: 1 Other: 0>

Each packet can also be displayed in full, field by field, with show():

>>> sniff(iface="ppp0",prn=lambda x:x.show())

Partial results:

###[ IP ]###
  version = 4L
  ihl = 5L
  tos = 0x0
  len = 40
  id = 52068
  flags = DF
  frag = 0L
  ttl = 64
  proto = tcp
  chksum = 0x8151
  src = 27.214.219.76
  dst = 61.135.185.112
  \options\
###[ TCP ]###
     sport = 59617
     dport = http
     seq = 3932617191L
     ack = 411565738
     dataofs = 5L
     reserved = 0L
     flags = FA
     window = 182
     chksum = 0xee34
     urgptr = 0
     options = {}
^C<Sniffed: TCP: 1 UDP: 0 ICMP: 0 Other: 0>
