Wolf.W - 3 months ago
Python Question

How to sniff OSPF packets in Windows 10 in Python 3.5 with raw packets

I'm trying to sniff OSPF packets in Python, and have achieved this in Ubuntu.

When it comes to Windows, I could only sniff TCP, UDP and IGMP packets. I can capture OSPF packets with Wireshark.

The code is below.

from socket import *
import struct
import binascii

# Bind a raw IP socket to the local interface address
local_name = getfqdn(gethostname())
local_addr = gethostbyname(local_name)
sniffer = socket(AF_INET, SOCK_RAW, IPPROTO_IP)

sniffer.bind((local_addr, 0))
sniffer.setsockopt(IPPROTO_IP, IP_HDRINCL, 1)

# Windows only: receive all IP packets seen on the interface
sniffer.ioctl(SIO_RCVALL, RCVALL_ON)

while True:
    pkt = sniffer.recvfrom(2048)

    # First 20 bytes are the IPv4 header; byte 9 is the protocol field
    ipHeader = pkt[0][0:20]
    ip_hdr = struct.unpack("!9s1s10s", ipHeader)
    print("proto:", binascii.hexlify(ip_hdr[1]))

In Ubuntu 16.04, I create the socket as below.

sniffer = socket(PF_PACKET,SOCK_RAW,htons(0x0800))

But it seems that PF_PACKET and AF_PACKET are not supported in Windows.

How do I modify my code for Windows? Or how can I capture Ethernet frames in Windows?

Thanks in advance :)

Answer Source

I found out the reason. It seems that OSPF packets can only be sniffed by capturing Ethernet frames at the data link layer. But in Windows, that is forbidden. WinPcap could be used.
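Once whole Ethernet frames are available (from the PF_PACKET socket on Ubuntu, or from a WinPcap-based capture on Windows), OSPF traffic is recognised by IP protocol number 89 and its fixed 24-byte header can be decoded. The following is an added example, not code from the original post; the names parse_ospf_frame and build_sample_frame are hypothetical and the sample frame is constructed.

```python
import struct
from ipaddress import IPv4Address

ETH_P_IP = 0x0800       # EtherType for IPv4
IPPROTO_OSPF = 89       # IP protocol number assigned to OSPF
OSPF_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
              4: "Link State Update", 5: "Link State Acknowledgment"}

def parse_ospf_frame(frame):
    """Decode the OSPFv2 header from a raw Ethernet frame; None if not OSPF."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4            # header length in bytes, > 20 with options
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != IPPROTO_OSPF:
        return None
    ospf = ip[ihl:]
    if len(ospf) < 24:                  # fixed OSPFv2 header is 24 bytes
        return None
    version, ptype, length, router_id, area_id = struct.unpack("!BBH4s4s", ospf[:12])
    return {
        "src": str(IPv4Address(ip[12:16])),
        "dst": str(IPv4Address(ip[16:20])),
        "version": version,
        "type": OSPF_TYPES.get(ptype, "unknown(%d)" % ptype),
        "length": length,
        "router_id": str(IPv4Address(router_id)),
        "area_id": str(IPv4Address(area_id)),
    }

def build_sample_frame(proto=IPPROTO_OSPF, options=b""):
    """Constructed test frame: an OSPF Hello to 224.0.0.5 with a zeroed body."""
    eth = bytes.fromhex("01005e000005" "00005e005301") + struct.pack("!H", ETH_P_IP)
    ospf = struct.pack("!BBH4s4sHH8s", 2, 1, 44, IPv4Address("192.0.2.1").packed,
                       IPv4Address("0.0.0.0").packed, 0, 0, b"") + bytes(20)
    ihl = 5 + len(options) // 4         # IP header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0xC0, ihl * 4 + len(ospf), 0, 0,
                     1, proto, 0, IPv4Address("192.0.2.1").packed,
                     IPv4Address("224.0.0.5").packed) + options
    return eth + ip + ospf

if __name__ == "__main__":
    print(parse_ospf_frame(build_sample_frame()))
```

The parser expects the frame as bytes and does not verify the IP or OSPF checksums, which are zero in the constructed sample.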