使用 Python 嗅探协议



我无法用 Python 和套接字探查更多协议……

我正在嗅探UDP、IPv4、ICMP、TCP。

示例:

import socket
import struct
import textwrap
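# Indent prefixes used by the printer: TAB_n for header lines, DATA_TAB_n for
# wrapped payload dumps. They are real tab characters; the previous literals
# had lost their backslashes and printed a literal "t".
TAB_1 = '\t - '
TAB_2 = '\t\t - '
TAB_3 = '\t\t\t - '
TAB_4 = '\t\t\t\t - '
DATA_TAB_1 = '\t '
DATA_TAB_2 = '\t\t '
DATA_TAB_3 = '\t\t\t '
DATA_TAB_4 = '\t\t\t\t '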
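# Main
ETH_P_IP = 0x0800  # EtherType for IPv4


def main():
    """Capture every frame seen by the host and print a decoded summary of each.

    Opens an AF_PACKET raw socket (Linux; requires CAP_NET_RAW or root) bound
    to ETH_P_ALL, passed as socket.ntohs(3) because the kernel expects the
    protocol in network byte order. Each frame goes through ethernet_frame();
    IPv4 payloads are decoded further by _report_ipv4(), anything else is
    dumped raw. The input is untrusted network traffic, so a frame that is
    too short or malformed for a decoder (struct.error / ValueError) is
    reported and skipped instead of ending the capture loop. Runs until
    interrupted.
    """
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3)) as conn:
        while True:
            raw_data, _addr = conn.recvfrom(65536)
            try:
                dest_mac, src_mac, eth_proto, data = ethernet_frame(raw_data)
                print('\nEthernet Frame:')
                print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
                    dest_mac, src_mac, eth_proto))
                # ethernet_frame() returns socket.htons() of the host-order
                # EtherType (8 for IPv4 on little-endian hosts); apply the same
                # transform here instead of hard-coding the literal 8.
                if eth_proto == socket.htons(ETH_P_IP):
                    _report_ipv4(data)
                else:
                    print(TAB_1 + 'Non-IPv4 payload:')
                    print(format_multi_line(DATA_TAB_2, data))
            except (struct.error, ValueError) as err:
                print(TAB_1 + 'Skipping malformed or truncated frame: {}'.format(err))


def _report_ipv4(data):
    """Print the IPv4 header in *data* and the ICMP/TCP/UDP header it carries.

    *data* is the Ethernet payload. Transport protocols other than ICMP, TCP
    and UDP fall through to a raw dump of the IPv4 payload. Decoder
    exceptions (struct.error / ValueError) propagate to main().
    """
    (version, header_length, ttl, proto, src, target, payload) = ipv4_packet(data)
    print(TAB_1 + '\033[0;37;41m IPv4 Packet: \033[0m ')
    print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {} '.format(version, header_length, ttl))
    print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(proto, src, target))

    if proto == socket.IPPROTO_ICMP:
        icmp_type, code, checksum, payload = icmp_packet(payload)
        print(TAB_1 + '\033[0;37;42m ICMP Packet: \033[0m ')
        print(TAB_2 + 'Type: {}, Code: {}, Checksum: {}, '.format(icmp_type, code, checksum))
        print(TAB_2 + 'Data: ')
        print(format_multi_line(DATA_TAB_3, payload))
    elif proto == socket.IPPROTO_TCP:
        (src_port, dest_port, sequence, acknowledgement,
         flag_urg, flag_ack, flag_psh, flag_rst, flag_syn, flag_fin,
         payload) = tcp_segment(payload)
        print(TAB_1 + '\033[0;37;43m TCP segment: \033[0m ')
        print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(src_port, dest_port))
        print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(sequence, acknowledgement))
        print(TAB_2 + 'Flags: ')
        print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}, RST: {}, SYN: {}, FIN: {}'.format(
            flag_urg, flag_ack, flag_psh, flag_rst, flag_syn, flag_fin))
        print(TAB_2 + 'Data:')
        print(format_multi_line(DATA_TAB_3, payload))
    elif proto == socket.IPPROTO_UDP:
        src_port, dest_port, length, payload = udp_segment(payload)
        print(TAB_1 + '\033[0;37;45m UDP Segment: \033[0m')
        print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(
            src_port, dest_port, length))
    else:
        print(TAB_1 + '\033[0;37;46m Other: \033[0m')
        print(TAB_2 + 'Data: ')
        print(format_multi_line(DATA_TAB_3, payload))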

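# Unpack ethernet frame
def ethernet_frame(data):
    """Split a raw Ethernet II frame into (dest_mac, src_mac, eth_proto, payload).

    MAC addresses are formatted by get_mac_addr(). The EtherType is unpacked
    in network order ('!') and then passed through socket.htons() again, so
    on a little-endian host IPv4 (0x0800) is returned as 8; this is kept so
    existing callers comparing against that value keep working, and callers
    should compare against socket.htons(<EtherType>) rather than a literal.

    Raises ValueError when *data* is shorter than the 14-byte header, which
    gives a clearer message than the struct.error a short capture used to
    produce.
    """
    if len(data) < 14:
        raise ValueError('truncated Ethernet frame: {} bytes'.format(len(data)))
    dest_mac, src_mac, proto = struct.unpack('! 6s 6s H', data[:14])
    return get_mac_addr(dest_mac), get_mac_addr(src_mac), socket.htons(proto), data[14:]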
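# Return properly formatted MAC address (ie AA:BB:CC:DD:EE:FF)
def get_mac_addr(bytes_addr):
    """Format a byte sequence (normally 6 octets) as upper-case colon-separated hex.

    Uses '{:02x}' so octets below 0x10 are zero-padded; the previous
    '{:-2x}' spec padded them with a space instead (e.g. 'AA: A:...').
    Returns '' for empty input.
    """
    return ':'.join('{:02x}'.format(octet) for octet in bytes_addr).upper()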
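# Unpacks IPv4 packet
def ipv4_packet(data):
    """Decode an IPv4 header.

    Returns (version, header_length, ttl, proto, src, target, payload):
    header_length is in bytes (IHL * 4), src/target are dotted-quad strings
    and payload is everything after the header, so options (IHL > 5) are
    skipped correctly.

    Raises ValueError if *data* is shorter than the 20-byte fixed header or
    the IHL field is below the RFC 791 minimum of 5. Both mean a truncated
    or malformed packet; previously the first raised struct.error and the
    second returned header bytes as payload.
    """
    if len(data) < 20:
        raise ValueError('truncated IPv4 header: {} bytes'.format(len(data)))
    version_header_length = data[0]
    version = version_header_length >> 4
    header_length = (version_header_length & 0x0F) * 4
    if header_length < 20:
        raise ValueError('invalid IPv4 IHL: {} bytes'.format(header_length))
    # 8x skips version/IHL, TOS, total length, identification and
    # flags/fragment offset; 2x skips the header checksum.
    ttl, proto, src, target = struct.unpack('! 8x B B 2x 4s 4s', data[:20])
    return (version, header_length, ttl, proto,
            socket.inet_ntoa(src), socket.inet_ntoa(target), data[header_length:])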
# Returns properly formatted IPv4 address
def ipv4(addr):
    """Render a byte sequence as dotted decimal, e.g. b'\\xc0\\xa8\\x00\\x01' -> '192.168.0.1'."""
    octets = [str(octet) for octet in addr]
    return '.'.join(octets)
# Unpacks ICMP packet
def icmp_packet(data):
    """Decode the 4-byte ICMP header; returns (type, code, checksum, rest)."""
    header = struct.unpack('! B B H', data[:4])
    icmp_type, code, checksum = header
    rest = data[4:]
    return icmp_type, code, checksum, rest
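# Unpacks TCP segment
def tcp_segment(data):
    """Decode a TCP header.

    Returns (src_port, dest_port, sequence, acknowledgement, flag_urg,
    flag_ack, flag_psh, flag_rst, flag_syn, flag_fin, payload); each flag
    is 0 or 1 and payload starts at the data offset, so options are skipped.

    Raises ValueError if *data* is shorter than the 20-byte minimum header
    or the data offset field is below 5 words; both indicate a truncated
    or malformed segment.
    """
    if len(data) < 20:
        raise ValueError('truncated TCP header: {} bytes'.format(len(data)))
    (src_port, dest_port, sequence, acknowledgement,
     offset_reserved_flags) = struct.unpack('! H H L L H', data[:14])
    # Upper 4 bits of the 16-bit word are the data offset in 32-bit words.
    offset = (offset_reserved_flags >> 12) * 4
    if offset < 20:
        raise ValueError('invalid TCP data offset: {} bytes'.format(offset))
    # Low 6 bits are URG, ACK, PSH, RST, SYN, FIN (high to low).
    flag_urg = (offset_reserved_flags >> 5) & 1
    flag_ack = (offset_reserved_flags >> 4) & 1
    flag_psh = (offset_reserved_flags >> 3) & 1
    flag_rst = (offset_reserved_flags >> 2) & 1
    flag_syn = (offset_reserved_flags >> 1) & 1
    flag_fin = offset_reserved_flags & 1
    return (src_port, dest_port, sequence, acknowledgement,
            flag_urg, flag_ack, flag_psh, flag_rst, flag_syn, flag_fin,
            data[offset:])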
# Unpacks UDP segment
def udp_segment(data):
src_port, dest_port, size = struct.unpack('! H H 2x H', data[:8])
return src_port, dest_port, size, data[8:]
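# Formats multi-line data
def format_multi_line(prefix, string, size=80):
    """Wrap *string* into lines of at most *size* chars, each starting with *prefix*.

    bytes input is rendered as a run of '\\xNN' tokens (4 characters each);
    the wrap width is then rounded down to a multiple of 4 so a token is
    never split across lines (the earlier even-width check only protected
    2-character tokens). The width is clamped to a positive value so a
    prefix longer than *size* cannot make textwrap.wrap() raise. Lines are
    joined with a real newline. Returns '' for empty input.
    """
    width = size - len(prefix)
    if isinstance(string, bytes):
        string = ''.join(r'\x{:02x}'.format(byte) for byte in string)
        width -= width % 4
        width = max(width, 4)
    else:
        width = max(width, 1)
    return '\n'.join(prefix + line for line in textwrap.wrap(string, width))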
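# Only start capturing when run as a script, so importing the module for
# its decoders does not open a raw socket.
if __name__ == '__main__':
    main()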

我如何获得其他协议,例如HTTP、HTTPS、ARP等?

我使用数据包分析器是因为需要统计流量信息：我要绘制服务器上的数据包情况，以检测可能的威胁，重点关注 DDoS 或 DoS 攻击。

如何获得其他协议,例如HTTP、HTTPS、ARP等?

与您想要实现的复杂任务相比，您是从一个相当小的代码库（可能还有相应的知识）开始的。因此，我只能提示您代码可能需要朝哪个方向发展——其他方面都太宽泛了。

HTTP 和 HTTPS 是 TCP 之上的应用层协议。因此，如果你嗅探 TCP，你也会隐式地嗅探到这些协议——但你需要能够按照协议规范解析嗅探到的有效载荷，也就是去阅读相关标准。此外，在开始分析建立在 TCP 之上的应用层协议之前，还需要先重新组装 TCP 流。

关于 ARP：您的代码只处理 ETH_P_IP（0x0800），而 ARP 是 ETH_P_ARP（0x0806）。
