phaethon / kamene

Network packet and pcap file crafting/sniffing/manipulation/visualization security tool. Originally forked from scapy in 2015 and providing python3 compatibility since then.
GNU General Public License v2.0

Scapy on Windows 7 #88

Open gparent opened 8 years ago

gparent commented 8 years ago

Still doesn't work, as explained in issue #50

Here's sample code:

#!/usr/bin/env python3

from scapy.all import *

with PcapReader('cap.pcap') as pcap_reader:
    for pkt in pcap_reader:
        print('Packet!')

With that code, an exception is thrown when importing the package: too many values to unpack (expected 2)

I'm reopening a new issue because the code provided by sysengkm works, so it would be nice to see if it can be merged in.

phaethon commented 8 years ago

Code is merged. Are you using the latest master? I accidentally "re-merged" it again, but @sysengkm's patch was in the code for some time already.

gparent commented 8 years ago

Check carefully above, I linked directly to the comment by @sysengkm where he literally includes the code that works* for me. I would suggest using diff to check the differences in the code because they are rather minor.

EDIT: I guess I didn't link to the comment I thought. My bad: https://github.com/phaethon/scapy/issues/50#issuecomment-189493197

Here's the code in c57d444:

def get_windows_if_list():

    ps = sp.Popen(['powershell', '-NoProfile', 'Get-WMIObject -class Win32_NetworkAdapter', '|', 'select Name, @{Name="InterfaceIndex";Expression={$_.Index}}, @{Name="InterfaceDescription";Expression={$_.Description}},@{Name="InterfaceGuid";Expression={$_.GUID}}, @{Name="MacAddress";Expression={$_.MacAddress.Replace(":","-")}} | where InterfaceGuid -ne $null', '|', 'fl'], stdout = sp.PIPE, universal_newlines = True)

    stdout, stdin = ps.communicate(timeout = 10)

Here's the same function in a7cd488:

def get_windows_if_list():
    # Windows 8+ way: ps = sp.Popen(['powershell', 'Get-NetAdapter', '|', 'select Name, InterfaceIndex, InterfaceDescription, InterfaceGuid, MacAddress', '|', 'fl'], stdout = sp.PIPE, universal_newlines = True)
    ps = sp.Popen(['powershell', '-NoProfile', 'Get-WMIObject -class Win32_NetworkAdapter', '|', 'select Name, @{Name="InterfaceIndex";Expression={$_.Index}}, @{Name="InterfaceDescription";Expression={$_.Description}},@{Name="InterfaceGuid";Expression={$_.GUID}}, @{Name="MacAddress";Expression={$_.MacAddress.Replace(":","-")}} | where InterfaceGuid -ne $null', '|', 'fl'], stdout = sp.PIPE, universal_newlines = True)
    stdout, stdin = ps.communicate(timeout = 10)

Here's the code that works for me:

def get_windows_if_list():
    # Windows 8+ way: ps = sp.Popen(['powershell', 'Get-NetAdapter', '|', 'select Name, InterfaceIndex, InterfaceDescription, InterfaceGuid, MacAddress', '|', 'fl'], stdout = sp.PIPE, universal_newlines = True)
    ps = sp.Popen(['powershell', '-NoProfile', 'Get-WMIObject -class Win32_NetworkAdapter', '|', 'select Name, @{Name="InterfaceIndex";Expression={$_.Index}}, @{Name="InterfaceDescription";Expression={$_.Description}},@{Name="InterfaceGuid";Expression={$_.GUID}}, @{Name="MacAddress";Expression={$_.MacAddress.Replace(":","-")}}', '|', 'fl'], stdout = sp.PIPE, universal_newlines = True)
    stdout, stdin = ps.communicate(timeout = 10)

In this case, when I say "works", it means I can execute the sample code I provided above, but I have not tested live captures yet using the interfaces the functions are meant to detect since I'd like to tackle this problem first.

phaethon commented 8 years ago

You mean it "works" only without | where InterfaceGuid -ne $null'? Meaning it returns all interface Guids as null? I doubt that it is actually working. Please perform further tests to confirm that you can really sniff and send packets. If it really works I would be interested in more information on your configuration. There was another issue why this code fragment was added.
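Added example, not part of the thread or of the project's code: one way to parse the `fl` (Format-List) text that `get_windows_if_list()` reads from PowerShell, and to drop adapters with no GUID in Python instead of in the `where InterfaceGuid -ne $null` clause. The names `SAMPLE_FL`, `parse_format_list` and `usable_interfaces` are hypothetical, the sample output is constructed, and the page does not show how the project itself parses this text.

```python
# Constructed sample of `... | fl` output; not captured from the reporter's machine.
SAMPLE_FL = """
Name                 : Local Area Connection
InterfaceIndex       : 7
InterfaceDescription : Intel(R) 82574L Gigabit Network Connection
InterfaceGuid        : {11111111-2222-3333-4444-555555555555}
MacAddress           : 00-0C-29-AA-BB-CC

Name                 : Tunnel: isatap adapter
InterfaceIndex       : 12
InterfaceDescription : Microsoft ISATAP Adapter
InterfaceGuid        :
MacAddress           :
"""


def parse_format_list(text):
    """Return one dict per blank-line-separated record of Format-List output."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            # A blank line closes the current record, if any.
            if current:
                records.append(current)
            current = {}
            continue
        if ":" not in line:
            continue  # not a "Key : Value" line; ignore it
        # Split on the FIRST colon only, so values that contain ':' stay whole.
        # Unpacking line.split(':') into two names would raise ValueError here.
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def usable_interfaces(records):
    """Keep adapters that report a GUID (same intent as the PowerShell filter)."""
    return [r for r in records if r.get("InterfaceGuid")]


if __name__ == "__main__":
    for iface in usable_interfaces(parse_format_list(SAMPLE_FL)):
        print(iface["InterfaceIndex"], iface["Name"], iface["InterfaceGuid"])
```
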

gparent commented 8 years ago

Right, I did not need the live captures at the time. I will test them tomorrow during the day.

Either way, the current code in master doesn't allow me to do live captures either, so I'm sure we can make some progress on this regardless of outcome.

Thank you for your time.

EDIT: Unfortunately gonna be Monday.

gparent commented 8 years ago

Live captures do not appear to work with this code:

from scapy.all import *

def pkt_callback(pkt):
    pkt.show() # debug statement

sniff(prn=pkt_callback)

The code does not error but the callback is never called.

Thank you,

Bioh4z4rd commented 8 years ago

Maybe my pull request is something for you: https://github.com/phaethon/scapy/pull/96

Tried some basic sniffing for ICMP packets as well as sending/receiving.

gpotter2 commented 6 years ago

Hi!

The original scapy fork, which now supports Python 3! This fork (scapy3k) is missing many updates, bug fixes and tweaks. You can have a look at https://github.com/secdev/scapy to get more support!

Have a good day