Thursday 23 June 2022

Network Packet Sniffer:Process an Ethernet frame (MAC src&dest address + protocole) using python

I am trying to simply get and process my ethernet frame in python to do it i wrotte this simple code in python (helped by a tutorial):

import socket
import struct


def ethernet_frame_fct(data):
    dest_mac, src_mac, proto = struct.unpack('! 6s 6s H', data[:14])
    return get_mac_addr_fct(dest_mac), get_mac_addr_fct(src_mac), socket.htons(proto), data[14:]


def get_mac_addr_fct(bytes_addr):
    bytes_str = map('{:02x}'.format, bytes_addr)
    mac_addr = ':'.join(bytes_str).upper()
    return mac_addr


def main_fct():

    # if platform == "linux" or platform == "linux2":
    #     conn = socket.socket(socket.AF_PACKET, socket.SOCKET_RAW, socket.ntohs(3))
    # if platform == "win32":
    HOST = socket.gethostbyname(socket.gethostname())  # the public network interface
    conn = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)  # create a raw socket and bind it to the public interface
    conn.bind((HOST, 0))
    conn.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)  # Include IP headers
    conn.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)  # receives all packets

    while True:
        raw_data, addr = conn.recvfrom(65536)

        dest_mac, src_mac, eth_proto, data = ethernet_frame_fct(raw_data)
        print("\n-Ethernet Frame:")
        print('\t' + "MAC addr Destination= {}, MAC addr Source= {}, Protocol= {}".format(dest_mac, src_mac, eth_proto))


#
main_fct()

The proble is that i get those results when i am running the program:
enter image description here

But the Source MAC address that should be MY mac address is not at all my MAC ADDRESS and the Protocole is not the one of an expected tag.
For exemple: 6=TCP, 17=UDP ...etc... but 17796 is not at all a value that i expected to get.
Concerning this last value for times to times i get different value as i run this programm on my laptot (so the wifi changes) but I NEVER got something logic.

As the usual ethernet frame should look like this: enter image description here

I absolutely don't know where i am wrong.
For days i am really confused and stuck on this problem and so i will very appreciate if someone will be able to help me.

Thank you.



from Network Packet Sniffer:Process an Ethernet frame (MAC src&dest address + protocole) using python
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)