Python Sniffer

Post by **maboroshi** » 11 Sep 2007, 09:43

Here is code for a python sniffer that uses pcap

the code should be faster than normal cause it uses this function

This function can be used to define the minimum amount of data in the kernel buffer that will cause the driver to release a read (i.e. a PacketReceivePacket) in progress.

this is work in progress alpha .00000000001

Cheers

Maboroshi

Oh yea the link www.techshinobi.com/software/fastsniff.zip

python 2.5 required

package includes
source
includes DPKT module for python 2.5
and the PYD

Will post just the source for reference

Code: Select all

import dpkt, pcap
from Tkinter import *
from threading import *
import time

class ThreadedClient:
    def __init__(self, master=None):
        self.master = master               

        self.thread = Thread(target=self.sniff)
        self.frame = frame = Frame(master)
        
        self.labelip = Label(frame, text="Filter")
        self.labelip.pack(side=LEFT)

        self.entryfilter = Entry(frame)
        self.entryfilter.pack(side=LEFT, fill=X,
                              expand=True)

        self.labeli = Label(frame, text="Iface")
        self.labeli.pack(side=LEFT)

        self.entryiface = Entry(frame)
        self.entryiface.pack(side=LEFT, fill=X,
                             expand=True)
        self.entryiface.insert(END, "eth0")

        self.b1 = Button(frame, text="Sniff",
                         command=self.run)
        self.b1.pack(side=LEFT)
        self.b2 = Button(frame, text="Exit",
                         command=self.shutdown)
        self.b2.pack(side=LEFT)

        frame.pack(fill=X)


        self.frame2 = frame2 = Frame(master)
        self.scrollbar = Scrollbar(frame2)
        self.scrollbar.pack(side=RIGHT, fill=Y)

        self.textbox = Listbox(frame2)
        self.textbox.pack(side=LEFT, fill=BOTH,
                          expand=True)
        self.textbox.config(
            yscrollcommand=self.scrollbar.set
            )
        self.scrollbar.config(
            command=self.textbox.yview
            )
        self.frame2.pack(fill=BOTH,
                         expand=True)


    def run(self):
        self.thread.start()

    def shutdown(self):
        sys.exit()

    def sniff(self):
        pc = pcap.pcap(self.entryiface.get())
        pc.setmintocopy(0)
        fil = str(self.entryfilter.get())
        if fil != None:
            pc.setfilter(fil)
        for ts, pkt in pc:
            self.textbox.insert(
                END, `dpkt.ethernet.Ethernet(pkt)`
                )
        time.sleep(0.1)

root = Tk()
root.minsize(600, 150)
root.option_readfile("optionDB")
root.wm_iconbitmap("shinobi.ico")
root.wm_resizable(0, 0)
root.title("Simple Fast Sniff")
client = ThreadedClient(root)
root.mainloop()

Post by **Gogeta70** » 11 Sep 2007, 11:16

Nice one mab, keep 'em coming!