1
00:00:00,240 --> 00:00:06,150
So I'm going to use nano here and simply create a script called python1.py. You probably want

2
00:00:06,150 --> 00:00:12,330
to use a lot better naming convention than that, but that's OK for what we are doing here in this demonstration.

3
00:00:13,930 --> 00:00:17,920
Rather than trying to type this manually, I'm going to paste the script in so that I don't make lots

4
00:00:17,920 --> 00:00:19,800
of mistakes.

5
00:00:19,990 --> 00:00:22,660
The first thing we're going to do is import pyshark.

6
00:00:22,660 --> 00:00:29,290
This is a variable: we're going to use pyshark to live capture off our interface,

7
00:00:29,320 --> 00:00:38,800
eth0. Let's save that script. ifconfig shows us that this is the network interface card.

8
00:00:38,830 --> 00:00:45,320
We can see that in GNS3 anyway, but this shows us in Linux that that's our Ethernet card.

9
00:00:45,330 --> 00:00:46,770
I'll edit that script again.

10
00:00:47,710 --> 00:00:51,140
So we're going to capture traffic off eth0.

11
00:00:51,190 --> 00:01:01,000
We've got a loop here saying for packet in capture: we're going to continuously sniff, but we're going to

12
00:01:01,000 --> 00:01:10,160
capture 50 packets. So this will start tshark and start capturing packets off the wire, but

13
00:01:10,190 --> 00:01:16,110
only 50 packets. Now, I don't actually need to write to a file, so I'll remove that.

14
00:01:16,380 --> 00:01:23,850
What we're going to do here is some exception handling: we're going to try and print the source IP address

15
00:01:23,880 --> 00:01:29,310
and destination IP address, but some traffic types like spanning tree don't have a source or destination

16
00:01:29,340 --> 00:01:30,190
IP address.

17
00:01:30,480 --> 00:01:32,430
So they'll give us an error.

18
00:01:32,520 --> 00:01:39,810
So I've got a try statement, and if we receive a spanning tree packet it's simply going to continue

19
00:01:40,260 --> 00:01:41,610
running the loop.

20
00:01:41,880 --> 00:01:49,290
So this pass is basically just a null statement, to put something there so that the script can continue.

21
00:01:49,290 --> 00:01:52,920
I'm then going to print 'end' and I'm going to exit out of the script.

22
00:01:52,920 --> 00:01:58,080
That sometimes solves the issue that I had with pyshark.

23
00:01:58,080 --> 00:02:00,690
In other words the error that it was displaying.

24
00:02:01,200 --> 00:02:11,030
So let's run that: python3 python1.py. What this should hopefully do is start tshark and

25
00:02:11,030 --> 00:02:15,780
start printing out the source and destination IP addresses.

26
00:02:15,920 --> 00:02:23,780
So as we can see here, a source IP address sent traffic to this IP address; that's EIGRP. The source

27
00:02:23,780 --> 00:02:32,550
IP address sent traffic to this IP address; that's OSPF. So on my router: show ip interface brief.

28
00:02:32,770 --> 00:02:40,150
This shows us the IP address of the router. show ip protocols shows us the routing protocols enabled

29
00:02:40,150 --> 00:02:41,060
on this router.

30
00:02:41,590 --> 00:02:49,240
So just scrolling up, this IP address is sending updates. As we can see over there, there's a source IP

31
00:02:49,240 --> 00:02:53,500
address to multicast IP addresses.

32
00:02:53,630 --> 00:02:59,350
Firstly, the one for EIGRP. EIGRP uses 224.0.0.10.

33
00:02:59,400 --> 00:03:00,080
This

34
00:03:00,130 --> 00:03:04,930
is the EIGRP multicast address it always uses for sending updates.

35
00:03:05,020 --> 00:03:13,720
Here's the OSPF multicast IP address. So we can see in the updates there that the router is sending

36
00:03:14,200 --> 00:03:22,150
EIGRP updates as well as OSPF updates into the network, and Wireshark, in this case tshark, has

37
00:03:22,150 --> 00:03:23,850
captured those packets.

38
00:03:23,890 --> 00:03:32,410
I started tshark via a Python script and then I did something: I got it to just print out the source

39
00:03:32,410 --> 00:03:35,890
and destination IP addresses as an example.

40
00:03:35,900 --> 00:03:38,240
Now this once again is that exception error.

41
00:03:38,240 --> 00:03:40,580
I'm going to ignore it for the moment.

42
00:03:40,850 --> 00:03:42,930
This is the end of our script.

43
00:03:43,130 --> 00:03:46,830
What I'll do now is run that script again.

44
00:03:47,180 --> 00:03:55,580
But what I'll do here is I'll ping 192.168.122.255, so ping a broadcast address.

45
00:03:55,640 --> 00:04:07,670
Notice it's displayed as 255.255.255.255, so that broadcast ping has been received by the Wireshark

46
00:04:07,670 --> 00:04:08,960
application.

47
00:04:08,960 --> 00:04:12,390
Notice there's the destination multicast address 239

48
00:04:15,050 --> 00:04:19,450
one, one, one. Let's do that again.

49
00:04:19,530 --> 00:04:32,670
There's the multicast once again being captured by tshark. Let's do one, two, three.

50
00:04:32,750 --> 00:04:35,010
There you go.

51
00:04:35,060 --> 00:04:41,130
So this is a very simple script; we're not doing that much yet.

52
00:04:41,140 --> 00:04:45,000
We're essentially just printing the source and destination IP address.

53
00:04:45,010 --> 00:04:48,940
What we could do is something else, so let's print out

54
00:04:54,920 --> 00:04:55,900
the EIGRP

55
00:05:00,420 --> 00:05:09,890
autonomous system number, and I should preface that by saying 'AS =', and save the script.

56
00:05:09,890 --> 00:05:18,220
So python3 python1.py. Notice we can see in the output that the EIGRP autonomous system number

57
00:05:18,220 --> 00:05:21,520
is 100.

58
00:05:21,630 --> 00:05:27,000
So again, I'm capturing packets in real time off this network.

59
00:05:29,930 --> 00:05:36,760
That Ubuntu host is capturing packets off eth0, and I'll just stop that script at this point.

60
00:05:42,140 --> 00:05:48,230
I can see what the source IP address is, what the destination IP address is and what the EIGRP autonomous

61
00:05:48,230 --> 00:05:49,520
system number is.

62
00:05:49,670 --> 00:05:55,550
Now this is again a very, very basic script. You could use if statements here; you could do much more complex

63
00:05:55,550 --> 00:05:56,380
things.

64
00:05:56,450 --> 00:06:04,310
So if it's EIGRP then print the autonomous system number; if it's spanning tree then do something else.

65
00:06:04,310 --> 00:06:11,090
All those options exist with pyshark, and I mean you can leverage the power of Python here to do all

66
00:06:11,090 --> 00:06:12,950
kinds of fancy things.

67
00:06:12,950 --> 00:06:20,530
The moral of the story is I've used Python to start tshark to capture packets off the wire.

68
00:06:20,660 --> 00:06:26,510
Then I'm looking at those packets and then doing something with the information that's captured.

69
00:06:26,510 --> 00:06:31,160
This is a very simple example showing source and destination IP addresses and EIGRP autonomous system

70
00:06:31,160 --> 00:06:33,830
numbers but you could do something much more complex.
