[00:00:00] In this video, I'm going to show you how to use Python to capture packets off the wire. We're going to use Python scripts so that we can programmatically run Wireshark to capture packets off the wire and then display something. In this topology I have an Ubuntu host, an Ethernet switch (that's the built-in switch in GNS3), a Cisco IOS switch and a Cisco IOS router. The router is running multiple routing protocols, so we should be able to capture OSPF messages and EIGRP messages on the Ubuntu host. The switch is going to be generating multiple messages such as STP, CDP, HTTP. So those once again should be captured by this Ubuntu host.

[00:00:47] So again, what we are going to do is run Wireshark on the Ubuntu host, but specifically tshark, and an application called pyshark which allows us to leverage tshark and interact with tshark using Python. Now there are many ways to do this, but this is a very simple way to get started. So again, I'm going to show you how to use Python to programmatically manipulate tshark to capture packets and display information to us. This NAT cloud gives us internet access, so the Ubuntu host is connected to the internet, because I want to show you how to download applications from the internet. So as an example, I can ping Google from the Ubuntu host; it received an IP address from the NAT cloud.

[00:01:37] So again, ping, say, google.com. That ping succeeds because we have internet connectivity from the Ubuntu host through the switch via the NAT cloud onto my physical network and onto the internet.

[00:01:58] Okay. So the first thing we want to do is install tshark. Before doing that, I'm going to update the Ubuntu references. It's recommended that you update your references before installing software, making sure that the references are good, that you have the most up-to-date information. So my Ubuntu references have been updated, so I'm going to use the command apt-get install tshark. Now this is once again an Ubuntu host, so I'm going to be using a bunch of commands in this example. I'm going to specify yes to install the software. And that'll essentially download tshark from the internet and install it on my computer. I'm going to allow non-superusers to capture packets, even though that's not exactly necessary here. I'm running as root on the Ubuntu client. So the commands we've run are apt-get install tshark, and before that I used apt-get update.

[00:03:04] Now I'm using an Ubuntu host here. Python 3.5 is already installed. You could use apt-get install python and specify a Python version to install. So I could use commands such as apt-get install python3.5. But notice I've already got Python 3.5 installed.

[00:03:27] So I've already got Python installed. The next thing to install is pip3. Now what I'm going to do is install pip. And in this case, I want to get python3-pip. I'm going to be using Python 3. It's recommended today that you use Python 3. Python 2 is going to be end of life very soon. So we want to use Python 3 rather than Python 2, and pyshark runs with Python 3. You have to use a legacy version of pyshark if you want to use Python 2.7. So all we're doing here once again is connecting to the internet and installing pip. So again, that's the command we used: apt-get install python3-pip. I'll add all these commands below this video so you can follow the commands, if you like.

[00:04:25] Okay. pip3 is installed, so now I can use the command pip3 install pyshark. This will install pyshark on my computer. So pyshark is now installed. And what I could do as an example is run tshark, and notice tshark is now capturing packets. I can see an OSPF packet, I can see spanning tree, I can see ARP and so forth. So I've been able to successfully run tshark and capture packets. pyshark doesn't run here. We're going to call pyshark from within a Python script or directly from within Python.