Python 简单的模拟wireshark抓包工具
来源:互联网 发布:皮皮麻将算法 编辑:程序博客网 时间:2024/06/13 21:14
混杂模式是指路过目标机器的数据包也包含在内
0端口指系统自动分配
import socket
import os
#The host be listended
host = "192.168.1.100"
#it means windows ,posix stands for Linux
if os.name == "nt":
socket_protocal = socket.IPPROTO_IP
else:
socket_protocal = socket.IPPROTO_ICMP
sniffer = socket.socket(socket.AF_INET ,socket.SOCK_RAW ,socket_protocal)
sniffer.bind((host, 0))
#include the ip header into packet that captured
sniffer.setsockopt(socket.IPPROTO_IP,socket.IP_HDRINCL,1)
#Promiscuous Mode start
if os.name =="nt":
sniffer.ioctl(socket.SIO_RCVALL,socket.RCVALL_ON)
print sniffer.recvfrom(65565)
#Promiscuous Mode end
if os.name =="nt":
sniffer.ioctl(socket.SIO_RCVALL,socket.RCVALL_OFF)
然后解析以上数据包
#!/usr/bin/python
# coding=utf-8
import socket
import os
import struct
from ctypes import *
# 监听的主机
host = "192.168.1.100"
# IP头定义
class IP(Structure):
"""docstring for IP"""
_fields_ = [
("ihl", c_ubyte, 4),
("version", c_ubyte, 4),
("tos", c_ubyte),
("len", c_ushort),
("id", c_ushort),
("offset", c_ushort),
("ttl", c_ubyte),
("protocol_num", c_ubyte),
("sum", c_ushort),
("src", c_ulong),
("dst", c_ulong)
]
def __new__(self, socket_buffer=None):
return self.from_buffer_copy(socket_buffer)
def __init__(self, socket_buffer=None):
# 协议字段与协议名称对应
self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}
# 可读性更强的IP地址
self.src_address = socket.inet_ntoa(struct.pack("<L", self.src))
self.dst_address = socket.inet_ntoa(struct.pack("<L", self.dst))
# 协议类型
try:
self.protocol = self.protocol_map[self.protocol_num]
except:
self.protocol = str(self.protocol_num)
# 下面的代码类似于之前的例子
if os.name == "nt":
socket_protocol = socket.IPPROTO_IP
else:
socket_protocol = socket.IPPROTO_ICMP
sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
try:
while True:
# 读取数据包
raw_buffer = sniffer.recvfrom(65565)[0]
# 将缓冲区的前20个字节按IP头进行解析
ip_header = IP(raw_buffer[0:20])
# 输出协议和通信双方IP地址
print "Protocol : %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
# 处理CTRL-C
except KeyboardInterrupt:
# 如果运行在Windows上,关闭混杂模式
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
- Python 简单的模拟wireshark抓包工具
- 网络抓包工具Wireshark的简单使用
- 抓包工具 Wireshark
- 抓包工具 Wireshark
- Wireshark抓包工具
- wireshark 抓包工具
- 抓包工具wireshark
- wireshark抓包工具
- 【抓包工具】wireshark
- wireshark抓包工具
- wireshark强大的抓包工具
- 抓包工具wireshark的使用
- linux下的抓包工具wireshark
- Kali 强大的抓包工具 WIRESHARK
- Wireshark抓包工具语法的使用
- Wireshark抓包工具的使用
- ubuntu 抓包工具 wireshark
- Wireshark网络抓包工具
- hdu5091 线段树扫描线
- oneinstack一键包Nginx php多版本共存配置全过程
- 使用mybatis的延迟加载
- 有关QT mingGW 5.4.2中的一些问题记录
- poj3088:Snowflake (Hash)
- Python 简单的模拟wireshark抓包工具
- Java设计模式——策略模式(Strategy Pattern)
- 201710020135->unity读excel
- LeetCode: Two Sum
- 3389之永不查杀的后门shift后门代码
- c++ next_permutation 枚举排列数
- MVG读书笔记——单应矩阵估计这件小事(四)
- 二叉排序树
- 关于Windows系列密码抓取