nflog_sniffer.py - gist.x-way.org

nflog_sniffer.py · 905 B · Python Raw

1	#!/usr/bin/python
2	#
3	# Written by Andreas Jaggi <andreas.jaggi@waterwave.ch> in December 2015
4	#
5
6	from socket import AF_INET, AF_INET6, inet_ntop
7
8	import nflog
9
10	from dpkt import ip, dns
11
12	def callback(payload):
13	pkt = ip.IP(payload.get_data())
14	if pkt.p == ip.IP_PROTO_UDP:
15	pack = dns.DNS(pkt.udp.data)
16	if pack.qr == dns.DNS_R:
17	for rr in pack.an:
18	if rr.type == dns.DNS_A:
19	print "answer(%s)[%d]: %s" % (rr.name, rr.ttl, inet_ntop(AF_INET,rr.ip))
20	if rr.type == dns.DNS_AAAA:
21	print "answer(%s)[%d]: %s" % (rr.name, rr.ttl, inet_ntop(AF_INET6,rr.ip6))
22	if rr.type == dns.DNS_CNAME:
23	print "answer(%s)[%d]: %s" % (rr.name, rr.ttl, rr.cname)
24
25
26	def main():
27	l = nflog.log()
28	l.set_callback(callback)
29	l.fast_open(123,AF_INET)
30	try:
31	l.try_run()
32	except KeyboardInterrupt, e:
33	print "interrupted, terminating..."
34	l.unbind(AF_INET)
35	l.close()
36
37
38	if __name__ == "__main__":
39	main()