tshark | Livestreaming from Scapy

by pocc
.cast - original recording .txt - plain text version .gif - animated GIF
macOS ◆ xterm-256color ◆ bash 3056 views

Description

Proof-of-Concept that you can send traffic in scapy while reading from it in *shark. In this example, we send pings, delayed by a second until the user hits ^C. The script below uses Scapy, a Python packet crafter.

Transcript

# === Sending Scapy Packets to Tshark ===
# Let's ping 8.8.8.8 a couple times, 1 second apart
# And send the packets to tshark

# We will be using this 15-line Scapy script (will be in transcript)
vi send_pings.py
# You can also just rewind and pause

# Create a file for destination of packets
livepcap=/tmp/scapy.pcap
touch $livepcap

# Send packet generation to background so we can read from it
python send_pings.py & tail -f -n +1 $livepcap | tshark -r -

send_pings.py

# This script will send pings to 8.8.8.8 spaces 1 sec apart
# And write the traffic to a pcap file
import time 
import os

from scapy.all import PcapWriter, sr, IP, ICMP

livepcap = "/tmp/scapy.pcap"
with PcapWriter(livepcap, append=True, sync=True) as pkt_pipe:
    pkt = IP(dst="8.8.8.8") / ICMP()
    while True:
        ans, unans = sr( pkt, verbose = False, retry = 0 ) 
        packets = ans or unans
        pkt_pipe.write(packets)
        time.sleep(1)

More by pocc

tshark | Using the Example Extcap from the Documentation 03:18

by pocc

randpkt usage 01:05

by pocc

tshark | Check traffic on default interface 00:09

by pocc

tshark | Decrypt TLSv1.2 03:38

by pocc

See all