Python socket sniffer on AIX5.3 not working

  • 1.  Python socket sniffer on AIX5.3 not working

    Posted Fri September 11, 2015 09:54 AM

    Originally posted by: arnar75


    Hello all,

    I'm trying to create a Python network sniffing script that will grab certain traffic that I need to log.

    So far I have not been able to sniff anything but ICMP packets, which is strange since the same code works fine on Linux.

    Python version is 2.7.5

     

    Python code:

    import socket

    # create an INET raw socket (SOCK_RAW, not a STREAM socket)
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    s.bind(('', 0))

    # receive packets in a loop; recvfrom returns a (data, address) tuple
    while True:
        print "Sniffing"
        packet = s.recvfrom(65565)
        print packet

     

    any help would be greatly appreciated :)

     

     


    #AIX-Forum


  • 2.  Re: Python socket sniffer on AIX5.3 not working

    Posted Fri September 11, 2015 05:06 PM

    Originally posted by: DaveMarquardt


    First question: Are you running as root?

    It would also be interesting to run this under truss, to see what system calls are used.

     




  • 3.  Re: Python socket sniffer on AIX5.3 not working

    Posted Sat September 12, 2015 01:29 PM

    Originally posted by: arnar75


    Hi Dave,

    Yes. I'm running the program as root.

    I don't have any experience with truss but the output from truss is attached if you are interested.

    Also it does not look like Python implements AF_NDD sockets so that seems to be a dead end.

    I was also hoping I could do without pcap but it looks like I have to try it at least.



    Attachment: truss.output.txt (93 KB)


  • 4.  Re: Python socket sniffer on AIX5.3 not working

    Posted Mon September 14, 2015 09:42 AM

    Originally posted by: DaveMarquardt


    Sadly, that truss output doesn't provide much light.

    I ran my own experiments. I substituted the actual value of AF_NDD (20) when creating an AF_NDD socket, but s.recvfrom didn't work.

    If all you're trying to do is sniff and print packets, AIX has tcpdump and iptrace for that. If you're trying to do something more interesting in your Python program, then pcap is the way to go.




  • 5.  Re: Python socket sniffer on AIX5.3 not working

    Posted Tue September 15, 2015 09:48 AM

    Originally posted by: arnar75


    Hi,

    I need to do more than just see/print the packet; I need to be able to decode the payload also.

    I will try pcap and hopefully it will work better.




  • 6.  Re: Python socket sniffer on AIX5.3 not working

    Posted Fri September 11, 2015 06:22 PM

    Originally posted by: DaveMarquardt


    Yeah, AIX is not Linux.

    Doing a little research, note this statement at http://www-01.ibm.com/support/knowledgecenter/ssw_aix_53/com.ibm.aix.progcomm/doc/progcomc/skt_comms.htm%23a278x9111:

    Raw access: The Internet domain allows a program with root-user authority access to the raw facilities of IP. These interfaces are modeled as SOCK_RAW sockets. Each raw socket is associated with one IP protocol number and receives all traffic for that protocol. This allows administrative and debugging functions to occur and enables user-level implementations of special-purpose protocols such as inter-gateway routing protocols.

    I'm not quite sure why AIX is picking ICMP here.

    On AIX, you might find using AF_NDD sockets more productive.  There's a good example of doing this with C at http://www-01.ibm.com/support/knowledgecenter/ssw_aix_53/com.ibm.aix.progcomm/doc/progcomc/skt_analz_ex.htm%23a3uqin3dbjoyc. You'd have to translate that to Python. Opening the socket is the easy part :) There are other examples specific to Ethernet in this general area also.

    Finally, libpcap is what tcpdump uses, and there are pcap Python modules available.


    #AIX-Forum
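
Added example, not part of the original thread and not code from any poster: post 5 says the captured traffic has to be decoded down to the payload, whichever capture method ends up working. The sketch below decodes one IPv4 datagram into protocol, addresses, ports and payload. It assumes the buffer starts at the IPv4 header (a pcap frame normally has a link-layer header in front of it); `decode_ipv4` and the sample packets are constructed for illustration.

```python
import socket
import struct

def decode_ipv4(datagram):
    """Decode one IPv4 datagram whose first byte is the IPv4 header."""
    data = bytearray(datagram)
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, _ident, flags_frag, _ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", bytes(data[:20]))
    ihl = (ver_ihl & 0x0F) * 4           # header length in bytes, options included
    if ver_ihl >> 4 != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    seg = data[ihl:]                     # slice by IHL, never a fixed 20 bytes
    info = {"proto": proto, "src": socket.inet_ntoa(src),
            "dst": socket.inet_ntoa(dst), "sport": None, "dport": None,
            "payload": bytes(seg)}
    if flags_frag & 0x1FFF:              # non-first fragment: no transport header here
        return info
    if proto == socket.IPPROTO_TCP and len(seg) >= 20:
        info["sport"], info["dport"] = struct.unpack("!HH", bytes(seg[:4]))
        doff = (seg[12] >> 4) * 4        # TCP data offset, options included
        if doff < 20 or doff > len(seg):
            raise ValueError("bad TCP data offset")
        info["payload"] = bytes(seg[doff:])
    elif proto == socket.IPPROTO_UDP and len(seg) >= 8:
        info["sport"], info["dport"] = struct.unpack("!HH", bytes(seg[:4]))
        info["payload"] = bytes(seg[8:])
    return info                          # other protocols (e.g. ICMP): payload is the IP body

def _ip(proto, body, options=b""):
    """Constructed sample header; checksum left at 0 because nothing here verifies it."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(body), 1, 0, 64,
                       proto, 0, socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.7")) + options + body

# Constructed samples (documentation addresses): a UDP datagram, and a TCP
# segment behind 4 bytes of IP options and 12 bytes of TCP options.
SAMPLE_UDP = _ip(17, struct.pack("!HHHH", 40000, 514, 8 + 9, 0) + b"hello-log")
SAMPLE_TCP = _ip(6, struct.pack("!HHIIBBHHH", 40001, 8080, 1, 0, 8 << 4, 0x18,
                                1024, 0, 0) + b"\x01" * 12 + b"GET /",
                 options=b"\x01\x01\x01\x00")

if __name__ == "__main__":
    for pkt in (SAMPLE_UDP, SAMPLE_TCP):
        print(decode_ipv4(pkt))
```

The TCP sample shows why both header lengths have to be read from the packet: with IP and TCP options present, fixed offsets of 20 bytes would land in the middle of the options rather than at the payload.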