码迷,mamicode.com
首页 > 编程语言 > 详细

使用Python来写网络包探嗅器

时间:2015-02-11 11:09:14      阅读:215      评论:0      收藏:0      [点我收藏+]

标签:

使用Python来写网络包探嗅器(Code a network packet sniffer in python for Linux)

by Silver Moon

Basic Sniffer

Sniffers are programs that can capture/sniff/detect network traffic packet by packet and analyse them for various reasons. Commonly used in the field of network security. Wireshark is a very common packet sniffer/protocol analyzer. Packet sniffers can be written in python too. In this article we are going to write a few very simple sniffers in python for the linux platform. Linux because, although python is a portable, the programs wont run or give similar results on windows for example. This is due to difference in the implementation of the socket api.

Sniffers shown here dont use any extra libraries like libpcap. They just use raw sockets. So lets start coding them

The most basic form of a sniffer would be

#Packet sniffer in python
#For Linux

import socket

#create an INET, raw socket
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

# receive a packet
while True:
  print s.recvfrom(65565)

Run this with root privileges or sudo on ubuntu :

$ sudo python sniffer.py

The above sniffer works on the principle that a raw socket is capable of receiving all (of its type , like AF_INET) incoming traffic in Linux.

The output could look like this :

$ sudo python raw_socket.py 
("E \x00x\xcc\xfc\x00\x000\x06j%J}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeI\xbf\x1aF[\x83P\x18\xff\xff\x88\xf6\x00\x00\x17\x03\x01\x00\x1c\xbbT\xb3\x07}\xb0\xedqE\x1e\xe7;-\x03\x9bU\xb7\xb1r\xd2\x9e]\xa1\xb8\xac\xa4V\x9a\x17\x03\x01\x00*\xed\x1f\xda\xa4##Qe\x9a\xe9\xd6\xadN\xf4\x9b\xc4\xf0C‘\x01\xc4\x82\xdb\xb2\x8d(\xa5\xd0\x06\x95\x13WO\x0f\x8e\x1c\xa6f\x1d\xdf\xe1x", (‘74.125.71.19‘, 0))
(‘E \x00I\xcc\xfd\x00\x000\x06jSJ}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeJ\x0f\x1aF[\x83P\x18\xff\xff:\x11\x00\x00\x17\x03\x01\x00\x1c\xaa];\t\x81yi\xbbC\xb5\x11\x14(Ct\x13\x10wt\xe0\xbam\xa9\x88/\xf8O{‘, (‘74.125.71.19‘, 0))
(‘E \x00(\xcc\xfe\x00\x000\x06jsJ}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeJ0\x1aFa\x19P\x10\xff\xff\xe5\xb0\x00\x00‘, (‘74.125.71.19‘, 0))
(‘E \x00(\xcc\xff\x00\x000\x06jrJ}G\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbeJ0\x1aFbtP\x10\xff\xff\xe4U\x00\x00‘, (‘74.125.71.19‘, 0))

The above is a dump of the network packets in hex. They can be parsed using the unpack function.

Parsing the sniffed packet

Here is the code sniff and parse a TCP packet

#Packet sniffer in python for Linux
#Sniffs only incoming TCP packet

import socket, sys
from struct import *

#create an INET, STREAMing socket
try:
	s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
except socket.error , msg:
	print ‘Socket could not be created. Error Code : ‘ + str(msg[0]) + ‘ Message ‘ + msg[1]
	sys.exit()

# receive a packet
while True:
	packet = s.recvfrom(65565)
	
	#packet string from tuple
	packet = packet[0]
	
	#take first 20 characters for the ip header
	ip_header = packet[0:20]
	
	#now unpack them :)
	iph = unpack(‘!BBHHHBBH4s4s‘ , ip_header)
	
	version_ihl = iph[0]
	version = version_ihl >> 4
	ihl = version_ihl & 0xF
	
	iph_length = ihl * 4
	
	ttl = iph[5]
	protocol = iph[6]
	s_addr = socket.inet_ntoa(iph[8]);
	d_addr = socket.inet_ntoa(iph[9]);
	
	print ‘Version : ‘ + str(version) + ‘ IP Header Length : ‘ + str(ihl) + ‘ TTL : ‘ + str(ttl) + ‘ Protocol : ‘ + str(protocol) + ‘ Source Address : ‘ + str(s_addr) + ‘ Destination Address : ‘ + str(d_addr)
	
	tcp_header = packet[iph_length:iph_length+20]
	
	#now unpack them :)
	tcph=unpack(‘!HHLLBBHHH‘, tcp_header)


 

 
 
     
        source_port=tcph[0]
        dest_port=tcph[1]
        sequence=tcph[2]
        acknowledgement=tcph[3]
        doff_reserved=tcph[4]
        tcph_length=doff_reserved >>4
     
        print‘Source Port : ‘+str(source_port)+‘ Dest Port : ‘+str(dest_port)+‘ Sequence Number : ‘+str(sequence)+‘ Acknowledgement : ‘+str(acknowledgement)+‘ TCP header length : ‘+str(tcph_length)
     
        h_size=iph_length+tcph_length*4
        data_size=len(packet)-h_size
     
        #get data from the packet
        data=packet[h_size:]
     
        print‘Data : ‘+data

        print          

使用Python来写网络包探嗅器

标签:

原文地址:http://my.oschina.net/ev4n/blog/377542

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!