) to monitor traffic, or use a Pythonic solution like Scapy (which we’ll explore in the next chapter). Nevertheless, there’s an advantage to knowing how to throw together a quick sniffer to view and decode network traffic. Writing a tool like this will also give you a deep appreciation for the mature tools that can painlessly take care of the finer points with little effort on your part. You will also likely pick up some new Python techniques and perhaps a better understanding of how the low-level networking bits work.

] which enables promiscuous mode on the network interface. In our first example, we simply set up our raw socket sniffer, read in a single packet, and then quit.

for the makeup of an IP header.

, and here is the output from our script:

for a diagram of a Destination Unreachable ICMP message.

Or, if you installed the Python setup tools package in , you can simply execute the following from a command prompt:

. This would allow a deployed trojan to scan the local network looking for additional targets. Now that we have the basics down of how networks work on a high and low level, let’s explore a very mature Python library called Scapy.

---

^[] An input/output control (IOCTL) is a means for userspace programs to communicate with kernel mode components. Have a read here: .