Hi, I need to sniff packets from the network. I am on a virtual machine (with Kali Linux as the OS) and I attached 2 networks: one is an internal network, in communication with the vulnerable machine (192.168.8.0/24) on eth1, and the second one communicates with the internet (10.0.2.0/24) on eth0.

    $ ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.2.5  netmask 255.255.255.0  broadcast 10.0.2.255
            inet6 fe80::a00:27ff:fe36:b405  prefixlen 64  scopeid 0x20<link>
            ether 08:00:27:36:b4:05  txqueuelen 1000  (Ethernet)
            RX packets 5  bytes 1360 (1.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 31  bytes 3968 (3.8 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.8.103  netmask 255.255.255.0  broadcast 192.168.8.255
            inet6 fe80::3aa7:1f77:c2b7:8bf3  prefixlen 64  scopeid 0x20<link>
            ether 08:00:27:84:aa:29  txqueuelen 1000  (Ethernet)
            RX packets 584  bytes 180109 (175.8 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 37  bytes 11042 (10.7 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I wrote a program in Python that sniffs the packets and takes the source and destination IPs, but the sniffing is active only on eth0, and in this phase of testing I need to scan the internal network on eth1.

How can I change the settings for scapy? Is it possible to do?

The scapy code, in Python:

    from datetime import datetime
    from scapy.all import sniff, IP

    # The two methods below belong to a class whose definition is not shown;
    # debug, scapyScannSRC and scapyScannDST are names defined elsewhere in the program.

    def print_pkt(self, pkt):
        # pkt.show()
        if IP in pkt:
            if debug:
                print("Mac: ", pkt.src)
                print("Sorgente IP: ", pkt[IP].src)
                print("Destinazione IP: ", pkt[IP].dst)
            tempSrc = pkt[IP].src
            tempDst = pkt[IP].dst
            # record each source IP the first time it is seen
            if self.myIpList.get(tempSrc) is None:
                self.myIpList[tempSrc] = datetime.now().strftime("%m/%d/%Y, %H:%M:%S")
                # save on file
                self.fileSrc.write("ip: " + tempSrc + " time: " + datetime.now().strftime("%m/%d/%Y, %H:%M:%S") + " \n")
            # record each destination IP the first time it is seen
            if self.myIpListDst.get(tempDst) is None:
                self.myIpListDst[tempDst] = datetime.now().strftime("%m/%d/%Y, %H:%M:%S")
                # save on file
                self.fileDst.write("ip: " + tempDst + " time: " + datetime.now().strftime("%m/%d/%Y, %H:%M:%S") + " \n")

    def __start_scanner__(self, theCount):
        # open file in append mode
        self.fileSrc = open(scapyScannSRC, "a")
        self.fileDst = open(scapyScannDST, "a")
        if debug:
            print("Start sniffing")
        # Report().saveString("Start sniffing")
        # pkt=sniff(prn=self.print_pkt, store=0)  # unlimited sniffing
        pkt=sniff(prn=self.print_pkt, count=theCount, store=0)  # scan terminates after 5000 packets
        # Report().saveString("End sniffing")
        self.fileSrc.close()
        self.fileDst.close()
        if debug:
            print("Scan ended")
            print(self.myIpList.items())
            print(self.myIpListDst.items())

In the sniff function you can provide the interface on which you want to sniff the packets. In your case, change this line

    pkt=sniff(prn=self.print_pkt, count=theCount, store=0)

to

    pkt=sniff(iface="eth1", prn=self.print_pkt, count=theCount, store=0)

If you want to, you can sniff on multiple interfaces, because the iface parameter can be a list.
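
Resolving the interface from the lab subnet instead of hard-coding "eth1", as an added example that is not part of the original answer: it keeps the capture on the internal network even if interface names change, and passes `iface` as a list. The helper names and `SAMPLE_IFACES` (built from the ifconfig output in the question) are assumptions; `get_if_list`, `get_if_addr`, `sniff` and `pkt.sniffed_on` are Scapy's own.

```python
import ipaddress

# Constructed sample: interface -> IPv4 address, taken from the ifconfig output above.
SAMPLE_IFACES = {"eth0": "10.0.2.5", "eth1": "192.168.8.103"}


def ifaces_in_network(if_addrs, network):
    """Return the interfaces whose IPv4 address lies inside `network`."""
    net = ipaddress.ip_network(network)
    matches = []
    for name, addr in if_addrs.items():
        try:
            if ipaddress.ip_address(addr) in net:
                matches.append(name)
        except ValueError:
            continue  # interface without a parsable address
    return sorted(matches)


def live_if_addrs():
    """Build the same mapping from the running system (needs Scapy)."""
    from scapy.all import get_if_addr, get_if_list  # imported lazily
    return {name: get_if_addr(name) for name in get_if_list()}


def sniff_network(network, count, on_packet):
    """Sniff only on the interface(s) attached to `network`."""
    from scapy.all import sniff
    ifaces = ifaces_in_network(live_if_addrs(), network)
    if not ifaces:
        raise RuntimeError(f"no interface has an address in {network}")
    # iface accepts a list; the BPF filter limits the capture to the lab subnet.
    return sniff(iface=ifaces, filter=f"net {network}", prn=on_packet,
                 count=count, store=0)


def show(pkt):
    # sniffed_on is set by Scapy's sniff() to the receiving interface
    print(pkt.sniffed_on, pkt.summary())


if __name__ == "__main__":
    print(ifaces_in_network(SAMPLE_IFACES, "192.168.8.0/24"))
    # Live capture: needs Scapy and root privileges.
    sniff_network("192.168.8.0/24", count=10, on_packet=show)
```
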