Unable to sniff outgoing traffic using raw sockets in python2.7

Ayush Aggarwal ayush.agg90 at gmail.com
Fri Nov 18 00:29:03 EST 2016


Hello,

Following is my code:

#!/usr/bin/python

import socket
import struct
import binascii

rawSocket = socket.socket(socket.PF_PACKET,socket.SOCK_RAW,socket.htons(0x0800))
# use 0x0800 for IPv4 packets , 0x0003 is for sniffing all kinds of packets

while True:
        pkt= rawSocket.recvfrom(2048)

        ethernetHeader = pkt[0][0:14]

        pr = unicode(ethernetHeader, errors='replace')
        print pr
        eth_hdr = struct.unpack("!6s6s2s",ethernetHeader)

        print "Source MAC Address :" , binascii.hexlify(eth_hdr[1])
        print "Destination MAC Address : " , binascii.hexlify(eth_hdr[0])
        print "Protocol : " , binascii.hexlify(eth_hdr[2])
        ipHeader = pkt[0][14:34]
        ip_hdr = struct.unpack("!12s4s4s",ipHeader)
        print "Source ip ADDRESS : " + socket.inet_ntoa(ip_hdr[1])
        print "Destination IP Address: " + socket.inet_ntoa(ip_hdr[2])
        # initial part of the tcp header
        tcpHeader = pkt[0][34:54]
        tcp_hdr = struct.unpack("!HH16s",tcpHeader)
        print "Source Port ADDRESS : " ,tcp_hdr[0]
        print "Destination Port ADDRESS : " , tcp_hdr[1]


Issues :
1. Unable to capture any outgoing IPv4 traffic. I ran the sniff()
method in Scapy and it does capture the outgoing packets.

2. I am NOT USING PROMISCUOUS MODE, still most of the packets I am
receiving neither have my IP or MAC in either of the source or
destination fields.

3. Captured data is different from the one observed using Scapy or Wireshark.

Request you to kindly clarify these observations.

Thanks and Regards,
Ayush
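
An added example, not part of the original post (Python 3, Linux): a packet socket opened with 0x0800 is only handed frames the host receives, while a 0x0003 (ETH_P_ALL) socket also gets transmitted frames, which the address tuple marks as PACKET_OUTGOING. The parser below also checks the EtherType, IP header length and protocol instead of assuming fixed offsets and TCP; the function names and the sample frame are constructed for illustration.

```python
import socket
import struct

ETH_P_ALL = 0x0003        # every protocol, including frames this host transmits
ETH_P_IP = 0x0800         # IPv4 EtherType


def parse_frame(frame):
    """Describe an Ethernet/IPv4 frame as a dict, or return None if it is not IPv4."""
    if len(frame) < 34:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_IP:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length; 20 only without options
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    info = {"src_mac": src_mac.hex(), "dst_mac": dst_mac.hex(), "proto": frame[23],
            "src_ip": socket.inet_ntoa(frame[26:30]),
            "dst_ip": socket.inet_ntoa(frame[30:34]), "sport": None, "dport": None}
    l4 = frame[14 + ihl:14 + ihl + 4]     # ports sit after the *actual* IP header
    if info["proto"] in (socket.IPPROTO_TCP, socket.IPPROTO_UDP) and len(l4) == 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4)
    return info


def build_sample_frame():
    """Constructed frame: TCP 192.0.2.10:40000 -> 198.51.100.7:443 with 4 option bytes."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x46, 0, 44, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    options = b"\x01\x01\x01\x00"         # three NOPs and end-of-options, so IHL is 6
    tcp = struct.pack("!HHLLBBHHH", 40000, 443, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + options + tcp


def sniff(interface, count=10):
    """Live capture; needs root or CAP_NET_RAW. `interface` is chosen by the caller."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((interface, ETH_P_ALL))        # one interface, not every device on the host
    for _ in range(count):
        frame, addr = s.recvfrom(65535)   # addr = (ifname, proto, pkttype, hatype, mac)
        info = parse_frame(frame)
        if info:
            print("OUT" if addr[2] == socket.PACKET_OUTGOING else "IN ", info)


if __name__ == "__main__":
    print(parse_frame(build_sample_frame()))
```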


