标签:utf-8 检测 www. fse == port 分析 字母 head
http://www.qingruxu.com/code/python/851.html
https://tools.ietf.org/html/rfc1035
里面的图不一定正确,可以使用抓包软件来进行分析。
# Resource record format # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | | # / / # / NAME / # | | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | TYPE | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | CLASS | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | TTL | # | | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | RDLENGTH | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| # / RDATA / # / / # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
这里的 TYPE CLASS 应该是各占8个字节。 这里却画错了。
抓包软件推荐 Wireshark 挺好用的。
#coding:utf-8 import socket import struct #dns 服务器地址 ip = ‘8.8.8.8‘ port = 53 #创建一个dup通讯 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # rfc1035 # format # +---------------------+ # | Header | # +---------------------+ # | Question | the question for the name server # +---------------------+ # | Answer | RRs answering the question # +---------------------+ # | Authority | RRs pointing toward an authority # +---------------------+ # | Additional | RRs holding additional information # +---------------------+ # # header # 1 1 1 1 1 1 # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | ID | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # |QR| Opcode |AA|TC|RD|RA| Z | RCODE | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | QDCOUNT | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | ANCOUNT | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | NSCOUNT | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | ARCOUNT | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ request_id = 65535 #2个Byte 长度无符号数 header = struct.pack(‘!HBBHHHH‘, request_id, 1, 0, 1, 0, 0, 0) #question = struct.pack("!B5sB3sBHH",5,"baidu",3,"com",0,1,1) #这里是原生格式 就是数一下有几个字母 #格式要求是5baidu3com011 最后的11是2个字节的宽度 #QTYPE 1 是 A记录 #QCLASS 默认都是1 question = "" domain = "baidu.com" #用算法实现上面的格式 for element in domain.split("."): question += struct.pack("!B",len(element)) + element question += struct.pack("!BHH",0,1,1) dns_req = header + question sock.sendto(dns_req,(ip,port)) resp_data,(resp_addr,resp_port) = sock.recvfrom(512) # Resource record format # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | | # / / # / NAME / # | | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | TYPE | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | CLASS | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | TTL | # | | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | RDLENGTH | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| # / RDATA / # / / # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # header (resp_request_id,resp_flag,resp_qdcount,resp_ancount,resp_nscount,resp_arcount) = struct.unpack("!HHHHHH",resp_data[:12]) #检测request_id 和 RQ RCODE if resp_request_id == request_id: #RQ 是15位 if resp_flag == resp_flag | 1<<15: #RCODE 必须是0 这里与上 0 和原来的值做比较 if resp_flag == resp_flag & ~0xf: #返回记录数大于0 查询记录数大于0 if 0 < resp_qdcount and 0 < resp_ancount: #减去header 6个字节 record = resp_data[12:] #减去问题 返回问题和发送问题一样 record = record[len(question):] (offset,type,rdclass,ttl,rdlen,ip1,ip2,ip3,ip4) = struct.unpack("!HHHLHBBBB",record[:struct.calcsize("!HHHLHBBBB")]) print "{0}.{1}.{2}.{3}".format(ip1,ip2,ip3,ip4) 主要的就是把数据打包成网络二进制流,使用 struct 非常方便。这里仅实现了对 A 记录的解析,CNAME 的未实现。
标签:utf-8 检测 www. fse == port 分析 字母 head
原文地址:https://www.cnblogs.com/j4s0n/p/10725606.html