
I'm trying to sniff OSPF packets in Python, and have achieved this aim in Ubuntu.

When it comes to Windows, I could only sniff TCP, UDP and IGMP packets. I can capture OSPF packets with Wireshark.

The code is below.

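```python
from socket import *
import struct
import binascii

# Resolve the local address the raw socket will be bound to.
local_name = getfqdn(gethostname())
local_addr = gethostbyname(local_name)
sniffer = socket(AF_INET, SOCK_RAW, IPPROTO_IP)

sniffer.bind((local_addr, 0))
# Include the IP header in the data returned by recvfrom().
sniffer.setsockopt(IPPROTO_IP, IP_HDRINCL, 1)

# Windows-only: ask the interface to deliver all IP packets it sees.
sniffer.ioctl(SIO_RCVALL, RCVALL_ON)

while True:
    pkt = sniffer.recvfrom(2048)

    # First 20 bytes are the IPv4 header (assuming no IP options).
    ipHeader = pkt[0][0:20]
    # Split into 9 bytes, the 1-byte protocol field, and the remaining 10 bytes.
    ip_hdr = struct.unpack("!9s1s10s", ipHeader)
    print("proto:", binascii.hexlify(ip_hdr[1]))
```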

In Ubuntu 16.04, I create the socket as below.

```python
sniffer = socket(PF_PACKET, SOCK_RAW, htons(0x0800))
```

But it seems that PF_PACKET and AF_PACKET are not supported in Windows.

How do I modify my code for Windows? Or how can I capture Ethernet frames in Windows?

Thanks in advance :)

Wolf.W
  • Try setting the interface to [promiscuous](http://lifeofageekadmin.com/how-to-manually-change-your-nic-to-promiscuous-mode-on-windows-72008-r2/) mode – salparadise Jun 20 '17 at 04:36
  • @salparadise `netsh bridge show adapter` returns nothing. And the code `sniffer.ioctl(SIO_RCVALL, RCVALL_ON)` is there to set the interface to promiscuous mode, but it doesn't help with sniffing OSPF packets. Thanks all the same. – Wolf.W Jun 20 '17 at 06:23

1 Answer

I found out the reason. It seems that OSPF packets can only be sniffed by capturing Ethernet frames at the data link layer. But in Windows, that is forbidden. WinPcap could be used.

Wolf.W
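Whatever link-layer capture library delivers the Ethernet frames, the OSPF packet still has to be picked out by IP protocol number 89 and decoded. The sketch below is an added example, not code from the question or answer; `parse_ospf_frame`, `sample_frame` and the sample frame itself are constructed for illustration. Unlike the fixed 20-byte slice in the question, it honours the IP header length field and ignores Ethernet padding.

```python
import socket
import struct

OSPF_PROTO = 89  # IP protocol number assigned to OSPF
OSPF_TYPES = {1: "Hello", 2: "DB Description", 3: "LS Request",
              4: "LS Update", 5: "LS Ack"}

def parse_ospf_frame(frame):
    """Decode Ethernet II -> IPv4 -> OSPFv2 common header; None if not OSPF."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        return None                      # too short or not IPv4 (no VLAN support)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # real header length; options may follow
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != OSPF_PROTO:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    ospf = ip[ihl:total_len]             # drops any Ethernet padding
    if len(ospf) < 24:                   # OSPFv2 common header is 24 bytes
        return None
    ver, ptype, length, rid, area, _cksum, autype = struct.unpack(
        "!BBH4s4sHH", ospf[:16])
    return {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "version": ver,
        "type": OSPF_TYPES.get(ptype, "unknown(%d)" % ptype),
        "length": length,
        "router_id": socket.inet_ntoa(rid),
        "area_id": socket.inet_ntoa(area),
        "auth_type": autype,
    }

def sample_frame():
    """Constructed sample: OSPFv2 Hello to AllSPFRouters, checksums zeroed."""
    eth = bytes.fromhex("01005e000005" "020000000001" "0800")
    rid = socket.inet_aton("192.0.2.1")
    ospf = struct.pack("!BBH4s4sHH8s", 2, 1, 44, rid, socket.inet_aton("0.0.0.0"),
                       0, 0, b"\0" * 8) + b"\0" * 20   # zeroed Hello body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(ospf), 0, 0, 1,
                     OSPF_PROTO, 0, rid, socket.inet_aton("224.0.0.5"))
    return eth + ip + ospf

if __name__ == "__main__":
    print(parse_ospf_frame(sample_frame()))
```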