
I've been trying to make a packet sniffer in Windows using Python and I've come across a little trouble.

The basic code I have right now is

```python
import socket
import struct

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
host = socket.gethostbyname(socket.gethostname())
s.bind((host, 0))

while True:
    print(s.recv(2048))
```
I've started to receive information, which is good, but I'm not sure if what I'm getting is what I want.

I want to receive and display all inbound Ethernet frames.

According to another answer I saw on Stack Overflow, as far as using sockets is concerned, this can only be done on Linux. They said that to do this on Windows, it would require WinPcap.

Is that true, and if so, what information am I currently receiving? s.recv() is returning some output in the form of a byte string:

b'E\x00\x00(j\xcc@\x00=\x06\xe9\xc4h\x10m\x12\n\x17\n\x06\x01\xbb\xc7\xbc\xe0\xb8s|\x14d\xad\xbcP\x10\x00\x1f\xe6\xa8\x00\x00'

Sorry if my question is confusing in any way, I'm somewhat of a beginner.

Nicomedes E.
  • Possible duplicate of [Raw socket packet sniffer in Python 3.6 on Windows](https://stackoverflow.com/questions/41565505/raw-socket-packet-sniffer-in-python-3-6-on-windows) – Zaboj Campula Oct 02 '17 at 15:24
  • When using sockets, you are using Windows' protocol stack, i.e. you only get the info "second hand". WinPcap will allow you to bypass the stack and access the data as it comes from the network card. – C. Gonzalez Oct 02 '17 at 15:59

0 Answers
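Added example, not part of the original post: decoding the byte string quoted in the question shows what the raw `AF_INET` socket returned. Its first byte, 0x45 (`E`), is IPv4 version 4 with a 20-byte header, so the data begins at the IP layer with no Ethernet header in front of it; the function names below are this example's own.

```python
import ipaddress
import struct

# One s.recv() result, copied from the question.
SAMPLE = (b'E\x00\x00(j\xcc@\x00=\x06\xe9\xc4h\x10m\x12\n\x17\n\x06'
          b'\x01\xbb\xc7\xbc\xe0\xb8s|\x14d\xad\xbcP\x10\x00\x1f\xe6\xa8\x00\x00')
TCP_FLAGS = ((0x01, 'FIN'), (0x02, 'SYN'), (0x04, 'RST'),
             (0x08, 'PSH'), (0x10, 'ACK'), (0x20, 'URG'))


def header_checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header's 16-bit one's-complement sum is 0xFFFF."""
    total = sum(struct.unpack(f'!{len(header) // 2}H', header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header and, for TCP, the fixed TCP header."""
    if len(packet) < 20:
        raise ValueError('shorter than a minimal IPv4 header')
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack('!BBHHHBBH4s4s', packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError('data does not start with an IPv4 header')
    info = {
        'version': version, 'header_len': ihl, 'total_len': total_len,
        'id': ident, 'dont_fragment': bool(flags_frag & 0x4000),
        'ttl': ttl, 'protocol': proto,
        'src': str(ipaddress.IPv4Address(src)),
        'dst': str(ipaddress.IPv4Address(dst)),
        'checksum_ok': header_checksum_ok(packet[:ihl]),
    }
    if proto == 6 and len(packet) >= ihl + 20:  # protocol 6 = TCP
        sport, dport, seq, ack, off_flags, window = struct.unpack(
            '!HHIIHH', packet[ihl:ihl + 16])
        info['tcp'] = {
            'src_port': sport, 'dst_port': dport, 'seq': seq, 'ack': ack,
            'data_offset': (off_flags >> 12) * 4, 'window': window,
            'flags': [name for bit, name in TCP_FLAGS if off_flags & bit],
        }
    return info


if __name__ == '__main__':
    for key, value in parse_ipv4(SAMPLE).items():
        print(f'{key}: {value}')
```

The sample decodes as a 40-byte IPv4 packet carrying a bare TCP ACK from port 443, with a header checksum that verifies.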