In [1]:
from scapy.all import *  # this makes me cringe
WARNING: No route found for IPv6 destination :: (no default route?)
WARNING:scapy.runtime:No route found for IPv6 destination :: (no default route?)
In [2]:
a = sniff(iface="en0", filter="tcp and port 80", count=10)
In [3]:
a
Out[3]:
<Sniffed: TCP:10 UDP:0 ICMP:0 Other:0>
In [4]:
a.res
Out[4]:
[<Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=650 flags=DF frag=0L ttl=64 proto=tcp chksum=0x9f88 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP  sport=53491 dport=http seq=3474155615 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xecd6 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=41196 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb59a src=10.25.3.61 dst=50.31.164.188 options=[] |<TCP  sport=53492 dport=http seq=3315328916 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x2b8d urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=40761 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb74d src=10.25.3.61 dst=50.31.164.188 options=[] |<TCP  sport=53493 dport=http seq=700164627 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x4ee urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=26980 flags=DF frag=0L ttl=64 proto=tcp chksum=0x38ae src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP  sport=53494 dport=http seq=2552994569 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xf110 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=48861 flags=DF frag=0L ttl=64 proto=tcp chksum=0xe334 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP  sport=53495 dport=http seq=1279463156 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xc90d urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=14036 flags=DF frag=0L ttl=64 proto=tcp chksum=0x6b3e src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP  sport=53496 dport=http seq=2445014061 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x9e5a urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=60321 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb670 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP  sport=53497 dport=http seq=405324467 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x4967 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=34902 flags=DF frag=0L ttl=64 proto=tcp chksum=0x19bc src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP  sport=53498 dport=http seq=3477655716 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x8454 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=31060 flags=DF frag=0L ttl=64 proto=tcp chksum=0xd487 src=10.25.3.61 dst=192.33.31.101 options=[] |<TCP  sport=53499 dport=http seq=3025988404 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x3030 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433689, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,
 <Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=33529 flags=DF frag=0L ttl=64 proto=tcp chksum=0xcae2 src=10.25.3.61 dst=192.33.31.101 options=[] |<TCP  sport=53500 dport=http seq=1607594496 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x7dee urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433689, 0)), ('SAckOK', ''), ('EOL', None)] |>>>]
In [5]:
a.res[0]  # first packet
Out[5]:
<Ether  dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=64 id=650 flags=DF frag=0L ttl=64 proto=tcp chksum=0x9f88 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP  sport=53491 dport=http seq=3474155615 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xecd6 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>
In [6]:
a.res[0].show()
###[ Ethernet ]###
  dst       = 00:1d:70:df:2d:11
  src       = 14:10:9f:e1:54:9b
  type      = 0x800
###[ IP ]###
     version   = 4L
     ihl       = 5L
     tos       = 0x0
     len       = 64
     id        = 650
     flags     = DF
     frag      = 0L
     ttl       = 64
     proto     = tcp
     chksum    = 0x9f88
     src       = 10.25.3.61
     dst       = 184.73.211.6
     \options   \
###[ TCP ]###
        sport     = 53491
        dport     = http
        seq       = 3474155615
        ack       = 0
        dataofs   = 11L
        reserved  = 0L
        flags     = S
        window    = 65535
        chksum    = 0xecd6
        urgptr    = 0
        options   = [('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)]