sniff traffic on a particular port using scapy

sukhvir picture sukhvir · Jul 29, 2014 · Viewed 12.7k times · Source

Ok so I have client and a server code.

The server code looks like this :

import socket
import sys

HOST = ''   
PORT = 5555

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Socket created'

#Bind socket to local host and port
try:
    s.bind((HOST, PORT))
except socket.error as msg:
    print 'Bind failed. Error Code : ' + str(msg[0]) + ' Message ' + msg[1]
    sys.exit()

print 'Socket bind complete'

#Start listening on socket
s.listen(10)
print 'Socket now listening'

#now keep talking with the client
while 1:
    conn, addr = s.accept()
    print 'Connected with ' + addr[0] + ':' + str(addr[1])
    data = conn.recv(10000)
    print data
s.close()

Now what I wanna be able to do is to conduct some analysis on these incoming packets on that socket (port 5555). Basically I want extract header flags. I was trying to do this using scapy function sniff() as found here Fetch source address and port number of packet - Scapy script

only i wanna be able to just sniff packets coming in on that port .. not any other traffic.

How do I go about doing this ?

Answer

wookie919 picture wookie919 · Jul 31, 2014

The following will capture all packets with destination port number equal to 5555 on all available interfaces.

sniff(filter = 'dst port 5555')

You can of course specify the interface that you wish to sniff on by specifying the iface parameter.