标签:
使用Python来写网络包探嗅器(Code a network packet sniffer in python for Linux)
Sniffers are programs that can capture/sniff/detect network traffic packet by packet and analyse them for various reasons. Commonly used in the field of network security. Wireshark is a very common packet sniffer/protocol analyzer. Packet sniffers can be written in python too. In this article we are going to write a few very simple sniffers in python for the linux platform. Linux because, although python is a portable, the programs wont run or give similar results on windows for example. This is due to difference in the implementation of the socket api.
Sniffers shown here dont use any extra libraries like libpcap. They just use raw sockets. So lets start coding them
The most basic form of a sniffer would be
#Packet sniffer in python #For Linux import socket #create an INET, raw socket s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) # receive a packet while True: print s.recvfrom(65565)
Run this with root privileges or sudo on ubuntu :
$ sudo python sniffer.py
The above sniffer works on the principle that a raw socket is capable of receiving all (of its type , like AF_INET) incoming traffic in Linux.
The output could look like this :
$ sudo python raw_socket.py
("E \x00x\xcc\xfc\x00\x000\x06j%J}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeI\xbf\x1aF[\x83P\x18\xff\xff\x88\xf6\x00\x00\x17\x03\x01\x00\x1c\xbbT\xb3\x07}\xb0\xedqE\x1e\xe7;-\x03\x9bU\xb7\xb1r\xd2\x9e]\xa1\xb8\xac\xa4V\x9a\x17\x03\x01\x00*\xed\x1f\xda\xa4##Qe\x9a\xe9\xd6\xadN\xf4\x9b\xc4\xf0C‘\x01\xc4\x82\xdb\xb2\x8d(\xa5\xd0\x06\x95\x13WO\x0f\x8e\x1c\xa6f\x1d\xdf\xe1x", (‘74.125.71.19‘, 0))
(‘E \x00I\xcc\xfd\x00\x000\x06jSJ}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeJ\x0f\x1aF[\x83P\x18\xff\xff:\x11\x00\x00\x17\x03\x01\x00\x1c\xaa];\t\x81yi\xbbC\xb5\x11\x14(Ct\x13\x10wt\xe0\xbam\xa9\x88/\xf8O{‘, (‘74.125.71.19‘, 0))
(‘E \x00(\xcc\xfe\x00\x000\x06jsJ}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeJ0\x1aFa\x19P\x10\xff\xff\xe5\xb0\x00\x00‘, (‘74.125.71.19‘, 0))
(‘E \x00(\xcc\xff\x00\x000\x06jrJ}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeJ0\x1aFbtP\x10\xff\xff\xe4U\x00\x00‘, (‘74.125.71.19‘, 0))
The above is a dump of the network packets in hex. They can be parsed using the unpack function.
Here is the code sniff and parse a TCP packet
#Packet sniffer in python for Linux #Sniffs only incoming TCP packet import socket, sys from struct import * #create an INET, STREAMing socket try: s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) except socket.error , msg: print ‘Socket could not be created. Error Code : ‘ + str(msg[0]) + ‘ Message ‘ + msg[1] sys.exit() # receive a packet while True: packet = s.recvfrom(65565) #packet string from tuple packet = packet[0] #take first 20 characters for the ip header ip_header = packet[0:20] #now unpack them :) iph = unpack(‘!BBHHHBBH4s4s‘ , ip_header) version_ihl = iph[0] version = version_ihl >> 4 ihl = version_ihl & 0xF iph_length = ihl * 4 ttl = iph[5] protocol = iph[6] s_addr = socket.inet_ntoa(iph[8]); d_addr = socket.inet_ntoa(iph[9]); print ‘Version : ‘ + str(version) + ‘ IP Header Length : ‘ + str(ihl) + ‘ TTL : ‘ + str(ttl) + ‘ Protocol : ‘ + str(protocol) + ‘ Source Address : ‘ + str(s_addr) + ‘ Destination Address : ‘ + str(d_addr) tcp_header = packet[iph_length:iph_length+20] #now unpack them :) tcph=unpack(‘!HHLLBBHHH‘, tcp_header)source_port=tcph[0]dest_port=tcph[1]sequence=tcph[2]acknowledgement=tcph[3]doff_reserved=tcph[4]tcph_length=doff_reserved >>4print‘Source Port : ‘+str(source_port)+‘ Dest Port : ‘+str(dest_port)+‘ Sequence Number : ‘+str(sequence)+‘ Acknowledgement : ‘+str(acknowledgement)+‘ TCP header length : ‘+str(tcph_length)h_size=iph_length+tcph_length*4data_size=len(packet)-h_size#get data from the packetdata=packet[h_size:]print‘Data : ‘+data
标签:
原文地址:http://my.oschina.net/ev4n/blog/377542
