Using Pyshark in Python to Create a Promiscuous Sniffer

Vera Worri · Published in Python Pandemonium · 3 min read · Dec 8, 2016

In my last post, I wrote about using socket to write data from a client to a server into a text file. Today, I would like to see if I can sniff network traffic and write that into a text file. The program must be in promiscuous mode and be independent of IP and port numbers. It will be a two-front attack: I will try PyShark and Socket. I am working on a Mac using the PyCharm IDE.

This article is about my Pyshark program. I have been working on it for a week and I finally finished the quick and dirty first draft. I have the bones but the meat will have to take some time (too many ideas about functionality).

I read through the documentation for Pyshark and got the gist of what it does and how it works. Then, I did some more research and found this page.

At the bottom of the page, there is example code for a live packet capture sniffer (pictured below).

(Image taken from thePacketGeek)

I tried to run it in PyCharm and ran into permission problems (I needed root access), so I had to run it in the terminal with the “sudo” prefix on my command. It worked!

cap = pyshark.LiveCapture(interface='en0')

cap stands for capture. It is like a snapshot of the data coming through the chosen interface, and the timeout is the exposure time. Within each capture there are packets, and those are what we are interested in; packets contain the data we want.

After this I started to strip the program. I deleted the print_dns_info() function along with the timeout function at the bottom. I replaced the latter with:

cap.sniff(packet_count=50)

and followed it with:

for pkt in cap:
    print(cap)

I then got this:

Oops! I printed cap instead of pkt. But the above picture is what the cap looks like in itself -_-. When I changed it to:

for pkt in cap:
    print(pkt)

I got:

Huzzah! Now I have to figure out how to print it to a file. I defined an empty string called out_string outside the for loop, removed the print statement inside the for loop, and wrote code that writes each packet into the text file, using out_string to collect the incoming packets. I also had to add a newline string to space out the packets, as well as a header numbering them. In the end, the entire code looks like:

# had to install pyshark
# using Python 2.7.12
import pyshark

out_string = ""
i = 1

# capture on the Wi-Fi interface of the Mac
cap = pyshark.LiveCapture(interface='en0')

# stop after five packets
cap.sniff(packet_count=5)

# open the output file once, outside the loop ("w" overwrites any earlier file)
out_file = open("Eavesdrop_Data.txt", "w")
for pkt in cap:
    # number each packet, then dump its layers, separated by blank lines
    out_string += "Packet # " + str(i)
    out_string += "\n"
    out_string += str(pkt)
    out_string += "\n"
    i = i + 1
out_file.write(out_string)
out_file.close()
cap.close()

The output is:

(This is Eavesdrop_Data.txt)

Now, every time I run the code, the file I saved the packets to is overwritten unless I change the file name. I also found out that when I was testing my code without the timeout, my code just kept running in the background. It did not stop until I restarted my computer. If anyone knows how to kill programs running in the background on a Mac (without restarting), please let me know.
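The two problems described above (the output file being overwritten on every run, and a capture with no limit running on in the background) can both be handled in the script itself. The following is an added example, not the code from the post: it opens the file in append mode, bounds the capture with packet_count, stops cleanly on Ctrl+C and closes the capture so the tshark child process ends. It assumes pyshark and tshark are installed, the interface is en0 and the script is run with sudo; the sample packet dumps are constructed stand-ins so the file helpers can be tried without capturing anything.

```python
# Constructed stand-ins for what str(pkt) prints for two frames; real pyshark
# Packet objects are only used inside capture() below.
SAMPLE_PACKETS = [
    "Layer ETH:\n\tSource: 00:11:22:33:44:55\nLayer IP:\n\tSource: 192.0.2.10",
    "Layer ETH:\n\tSource: 66:77:88:99:aa:bb\nLayer ARP:\n\tOpcode: request (1)",
]


def format_record(index, pkt):
    """Header line, packet dump, blank line: the layout the post builds by hand."""
    return "Packet # %d\n%s\n\n" % (index, str(pkt))


def write_records(packets, path, mode="a"):
    """Write one record per packet. Default mode 'a' keeps earlier runs instead
    of overwriting; the file is opened once, not once per packet. Returns count."""
    count = 0
    with open(path, mode) as out_file:
        for index, pkt in enumerate(packets, start=1):
            out_file.write(format_record(index, pkt))
            count += 1
    return count


def read_records(path):
    """Split a capture file back into its packet dumps (inverse of write_records)."""
    with open(path) as in_file:
        chunks = in_file.read().split("Packet # ")
    return [chunk.split("\n", 1)[1].rstrip("\n") for chunk in chunks if chunk]


def capture(interface="en0", packet_count=50):
    """Capture a bounded number of packets; Ctrl+C stops it cleanly and close()
    ends the tshark child process, so nothing keeps running in the background."""
    import pyshark  # imported here so the file helpers work without pyshark installed
    cap = pyshark.LiveCapture(interface=interface)
    packets = []
    try:
        for pkt in cap.sniff_continuously(packet_count=packet_count):
            packets.append(pkt)
    except KeyboardInterrupt:
        pass  # keep whatever was captured before the interrupt
    finally:
        cap.close()
    return packets


if __name__ == "__main__":
    written = write_records(capture(), "Eavesdrop_Data.txt")
    print("%d packets appended" % written)
```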

Now I will use Npyscreen to make a UI to allow the user to change things like the capture interface and the packet count. But that will be my next post.
