python黑帽之流量嗅探和解码IP层

LZ考完又回来了哈哈哈哈哈哈，后面读研究生就可以不学原来的专业去选一些CS相关的课程，自学一些相关的知识，其中详细就不细说了。

好了，这次写了流量嗅探解码IP层。让我懊恼的是中间有几个if  循环总是提示说我缩进问题，搞得我最后去网上找了别人的代码复制过来才OK，不知道为什么，是notepad++的问题嘛？简直醉了。附上代码，

import socketimport os import structfrom ctypes import *#监听的主机host = '222.205.49.114'#IP头定义class IP(Structure):    _fields_ = [        ("ihl",           c_ubyte, 4),        ("version",       c_ubyte, 4),        ("tos",           c_ubyte),        ("len",           c_ushort),        ("id",            c_ushort),        ("offset",        c_ushort),        ("ttl",           c_ubyte),        ("protocol_num",  c_ubyte),        ("sum",           c_ushort),        ("src",           c_ulong),        ("dst",           c_ulong)    ]     def __new__(self,socket_buffer=None):        return self.from_buffer_copy(socket_buffer)      def __init__(self, socket_buffer=None):        # map protocol constants to their names        self.protocol_map = {1:"ICMP", 6:"TCP", 17:"UDP"}        # human readable IP addresses        self.src_address = socket.inet_ntoa(struct.pack("<L",self.src))        self.dst_address = socket.inet_ntoa(struct.pack("<L",self.dst))        # human readable protocol        try:            self.protocol = self.protocol_map[self.protocol_num]        except:            self.protocol = str(self.protocol_num)if os.name == 'nt':socket_protocol = socket.IPPROTO_IPelse:socket_protocol = socket.IPPROTO_ICMPsniffer = socket.socket(socket.AF_INET,socket.SOCK_RAW,socket_protocol)sniffer.bind((host,0))sniffer.setsockopt(socket.IPPROTO_IP,socket.IP_HDRINCL,1)if os.name == 'nt':sniffer.ioctl(socket.SIO_RCVALL,socket.RCVALL_ON)try:while True:#读取数据包raw_buffer = sniffer.recvfrom(65565)[0]#将缓冲区前20个字节按照IP 头进行解析ip_header = IP(raw_buffer[0:20])#输出协议和通信双方的IP地址print('Protocol: %s %s -> %s'%(ip_header.protocol,ip_header.src_address,ip_header.dst_address))#处理CTRL-CTRL-Cexcept KeyboardInterrupt:if os.name == 'nt':sniffer.ioctl(socket.SIO_RCVALL,socket.RCVALL_OFF)