GUID number of windows interface giving error: ValueError: Unknown network interface '{1619EEF1-4D71-4831-87AC-8E5DC3AA516A}'

Question

Import scapy version 2.4.0. I am only using version 2.4.0 for my project

import scapy.all as scapy
import sys

by using IP address this function return related MAC address of the target

 def get_mac(ip):
   arp_request = scapy.ARP(pdst=ip)
   broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
   arp_request_broadcast = broadcast/arp_request
   answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]
   return answered_list[0][1].hwsrc

 def sniff(interface):
   scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

This function checks whether default gateway MAC address is equal to my PC's MAC address table. if not it says "[+] You are under attack!!

 def process_sniffed_packet(packet):
    if packet.haslayer(scapy.ARP) and packet[scapy.ARP].op == 2:
       count = 1
       try:
          real_mac = get_mac(packet[scapy.ARP].psrc)
          response_mac = packet[scapy.ARP].hwsrc

          if real_mac != response_mac:
              count = count+1
              print(str(count) + "[+] You are under attack!!")
              sys.stdout.flush()
      except IndexError:
          pass

in Linux, we can use a value like 'etho' but In windows, I have to use GUID value to get the result. I am running this code in Windows Machine.

sniff('{1619EEF1-4D71-4831-87AC-8E5DC3AA516A}')

But this code return error

This is the Error that got raised

 raise ValueError("Unknown network interface %r" % name)
 ValueError: Unknown network interface '{1619EEF1-4D71-4831-87AC- 
 8E5DC3AA516A}'

score 2 · Answer 1 · answered Mar 10 '19 at 22:45

On Windows, you need to provide a complete interface name / object, to be able to sniff on it.

First, have a look at what is available using IFACES.show() in a Scapy shell.

Then to get the interface, you can either use:

iface = IFACES.dev_from_name("...") (or dev_from_pcapname, dev_from_id... have a look at help(IFACES) to see what’s available)
iface = "the full name as printed above"

Then use it via sniff(iface=iface).

You could provide the pcap_name, but not the GUID: for instance, it would be something like \\Device\\NPF_{...} rather than just {...}.

Also, please use scapy 2.4.3rc1 (or at least 2.4.2) to be sure you’re up-to-date

score 0 · Answer 2 · answered May 18 '20 at 02:54

0

I solved the scapy error ValueError: Unknown network interface on windows by installing npcap

answered May 18 '20 at 02:54

Pedro Lobito

94,083
31
258
268

1

Yes, you need either WinPcap or Npcap to run libpcap-based software on Windows. – user13251981 May 18 '20 at 05:31

GUID number of windows interface giving error: ValueError: Unknown network interface '{1619EEF1-4D71-4831-87AC-8E5DC3AA516A}'

2 Answers2

Linked