sniffer

How to capture/dump Bluetooth LE Link Layer packets in linux without sniffer?

瘦欲@ submitted on 2020-06-13 08:33:21
Question: I want to capture/dump BLE air interface Link Layer packets in Linux stably. The BLE air interface Link Layer packets look as follows: sniffed using ubertooth when connecting another BLE device. However, sniffing through ubertooth is much less reliable (it often loses packets). So, I want to dump BLE traffic data using tools like tcpdump and btmon. I got results like this: result of tcpdump when connecting another BLE device. However, there is no information about LL_ENC_REQ and LL_ENC_RSP,

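20199303 2019-2020-2 "Network Attack and Defense Practice" Week 4 Assignment

混江龙づ霸主 submitted on 2020-03-25 21:28:42
Study summary: Sniffer. A sniffer is a commonly used means of collecting useful data; the data can be user accounts and passwords, commercially confidential data, and so on. A sniffer can act as a device capable of capturing network packets. ISS defines a sniffer as follows: a sniffer is a tool that uses a computer's network interface to intercept data packets destined for other computers. What a sniffer captures must be packets whose physical signal it can receive. Obviously, as long as the network card is told to accept every packet it receives (generally called promiscuous mode: every device on the network listens to the data transmitted on the bus, not just its own data), under a hub it can receive all packets on the network segment, but under a switch it only gets its own packets plus broadcast packets. To receive other people's packets under a switch, they have to be sent to the port your machine is on. A switch learns the MAC on a port by receiving data from that port and remembering its source MAC; just like a machine's ARP table mapping IPs to MACs, the switch maintains a table of physical ports and MACs, so the switch can be deceived. You can send a packet whose source MAC is set to the MAC of the machine whose traffic you want to receive; the switch then associates the physical port your machine's cable is plugged into with that MAC, and from then on packets sent to that MAC go to your port, that is, your network card can sniff them. Note that this port-to-MAC table, like a machine's ARP table, is refreshed dynamically: once that machine sends a packet, the switch/hub remembers its port again, so in practice the two are competing, and this is only applicable where listening to a small number of packets is enough.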

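Network sniffing

|▌冷眼眸甩不掉的悲伤 submitted on 2020-01-18 14:35:46
Network sniffing. Sniffing goal: discover live hosts on the target network using UDP. Sniffing basis: when a UDP packet is sent to a closed port on a host, the target host returns an ICMP packet indicating that the destination port is unreachable, which proves the target host is alive; otherwise the target host does not exist.

    import socket
    import os
    import struct
    import threading
    import time
    # import the netaddr package to handle subnet IP addresses
    from netaddr import IPNetwork, IPAddress
    from ctypes import *

    # host to scan
    host = "192.168.65.133"
    # subnet to scan
    subnet = "192.168.65.0/24"
    magic_message = "PYTHONRULES"

    def udp_sender(subnet, magic_message):
        time.sleep(5)
        sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        for ip in IPNetwork(subnet):
            try:
                # send data to all hosts in the subnet
                sender.sendto(magic_message, ("%s" % ip, 65212))
            except:
                pass

    # parse the IP datagram header
    class IP(Structure):
        _fields_ = [
            ("ihl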

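WiFi jamming and packet capture with MicroPython

浪子不回头ぞ submitted on 2020-01-04 22:49:33
0×00 Preface: The WiFi attack experiments I did before were all developed in the Arduino environment; recently I wanted to try using MicroPython to carry out a deauth (deauthentication) attack. The development board used this time is again the TPYBoardv202. 0×01 How it works: a) By consulting references and analyzing the Arduino source code, I learned that the attack is really just sending IEEE 802.11 deauthentication frames: custom forged deauth packets are sent according to the MAC-layer frame format. b) The wifi_send_pkt_freedom function in the ESP8266 SDK is called to send the attack packets. 0×02 Attack design: a) At startup the program scans for nearby APs. b) It finds the AP with the strongest signal and obtains its MAC address (bssid) and channel. c) It switches the TPYBoardv202 to the same channel as the target AP. d) Using the target AP's MAC address, it assembles and sends deauth packets. 0×03 Compiling and flashing the firmware, and program source code: 1. Compiling the firmware. The existing micropython-esp8266 firmware does not expose the wifi_send_pkt_freedom function, so I compiled the firmware myself; it is at: https://github.com/PakchoiFood/micropython-deauth You can download and flash it yourselves. If anyone wants to compile and modify the firmware themselves, please refer to: https://github.com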

Reconstructing data from PCAP sniff

自作多情 submitted on 2019-12-31 09:30:12
Question: I am trying to sniff HTTP data through libpcap and get all the HTTP contents (header + payload) after processing the TCP payload. As per my discussion at Writing an http sniffer (or any other application level sniffer), I am facing problems due to fragmentation - I need to reconstruct the whole stream (or defragment it) to get a complete HTTP packet, and this is where I need some help. Thanks in anticipation! Answer 1: It's really pretty simple. Just take the ethernet frames that you get from

Windows Phone 7 sniffer

Deadly submitted on 2019-12-23 23:13:37
Question: Does anyone know a good HTTP (at least) sniffer which works under Windows Phone 7 OS? Currently I use wireshark/fiddler + the Windows Phone 7 emulator for testing, but anyway I want to test my app using a real phone + some Windows Phone 7 sniffer too. I'll appreciate any help. Answer 1: You can use Fiddler with your device also. Mike Ormond demonstrates here. More: Monitoring Web Requests on Windows Phone. Answer 2: The current Windows Phone platform SDK does not expose access to the network stack or the radio

sniffer can't find DJANGO_SETTINGS_MODULE

自作多情 submitted on 2019-12-23 12:15:44
Question: I'm trying to automate the test rerun after a change while developing. After searching around a little, sniffer seemed fine. But if I run it my tests fail with this error: ERROR: Failure: ImportError (Settings cannot be imported, because environment variable DJANGO_SETTINGS_MODULE is undefined.) If I run them manually they pass. Do you have a clue why sniffer won't work? Answer 1: Something like the following as your scent.py should work: from subprocess import call from sniffer.api import runnable

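Detecting and setting a network card's promiscuous mode

拜拜、爱过 submitted on 2019-12-23 07:38:27
When software such as 网络特工 (sniffers and the like) is in use, the network card will certainly be put into promiscuous mode. A network card in promiscuous mode does not necessarily mean 网络特工 is in use, but a network card in promiscuous mode is certainly up to no good. The method is simple: first make sure you are not communicating with any computer in your network segment. Open cmd, run arp -d to delete your ARP table, then ping your gateway or ping yourself, then run arp -a to display your ARP table. Your ARP table will now show the IP-to-MAC mapping for the address you pinged; if there is any other IP-to-MAC entry, heh, that's him :0. Here is why this test works: when a network card is in promiscuous mode it receives and responds to any datagram on the network, so when I sent an ICMP packet to the gateway, the computer at .179 intercepted the datagram and produced a reply. However, I was pinging the computer at .129, so my host only responds to the echo sent by host 129 and discarded the packet sent by 179. But because host 179 communicated with my host, an ARP entry was created in my host's ARP table. A sniffer (嗅探器 in Chinese) is an extremely threatening passive attack tool. With this tool one can monitor the state of the network, data flows, and the information transmitted over the network. When information is transmitted over the network in plaintext, network monitoring can be used to attack. By putting the network interface into monitoring mode, the continuous stream of information transmitted on the network can be intercepted. Hackers often use it to intercept users' passwords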

Python arp sniffing raw socket no reply packets

廉价感情. submitted on 2019-12-20 09:23:40
Question: To understand the network concepts a bit better and to improve my Python skills I am trying to implement a packet sniffer with Python. I have just started to learn Python, so the code could be optimized of course ;) I have implemented a packet sniffer which unpacks the ethernet frame and the ARP header. I want to make it with raw sockets because I want to understand every byte within those headers, so please no scapy help :) The problem is that I won't get any ARP reply packet. It's always

Detect if website visitor has toolbars installed eg. Google toolbar using javascript

僤鯓⒐⒋嵵緔 submitted on 2019-12-20 01:47:07
Question: I am working on an online education website that frequently uses pop-up windows. This is part of a learning management system from a third-party provider, so it is not possible to change the way this works. We get lots of helpdesk calls from users struggling with pop-up blockers - in their OS, browser settings and additional toolbars. I am using JavaScript to sniff the browser and OS so we can display appropriate pop-up blocker instructions onscreen. Is it possible to do similar technique to detect