【发布时间】:2016-01-01 00:58:40
【问题描述】:
我正在尝试捕获 tcp 请求(入站)数据包。正如它在黑帽 python 书中描述的那样,这是嗅探器代码。但是这个嗅探器不会捕获 tcp 请求数据包。我需要从 Windows 运行环境中捕获。
class IP(Structure):
_fields_ = [
("version", c_ubyte, 4),
("ihl", c_ubyte, 4),
("tos", c_ubyte),
("len", c_ushort),
("id", c_ushort),
("offset", c_ushort),
("ttl", c_ubyte),
("protocol_num", c_ubyte),
("sum", c_ushort),
("src", c_uint32),
("dst", c_uint32)
]
def __new__(self, socket_buffer=None):
return self.from_buffer_copy(socket_buffer)
def __init__(self, socket_buffer=None):
# map protocol constants to their names
self.protocol_map = {1:"ICMP", 6:"TCP", 17:"UDP"}
self.src_address = socket.inet_ntoa(struct.pack("@I",self.src))
self.dst_address = socket.inet_ntoa(struct.pack("@I",self.dst))
# human readable protocol
try:
self.protocol = self.protocol_map[self.protocol_num]
except:
self.protocol = str(self.protocol_num)
if os.name == "nt":
socket_protocol = socket.IPPROTO_IP
else:
socket_protocol = socket.IPPROTO_ICMP
sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# to set up promiscuous mode
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
try:
while True:
# read in a packet
raw_buffer = sniffer.recvfrom(65565)[0]
# create an IP header from the first 20 bytes of the buffer
ip_header = IP(raw_buffer[0:])
# print out the protocol that was detected and the hosts
print "Protocol: %s %s -> %s " % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
【问题讨论】:
-
您是否以管理员权限运行?
-
@JimGarrison 是的,我正在以管理员权限运行。 linux和windows环境都试过了
-
这些数据包是在无线还是有线网络上?如果是无线的,您可能需要将无线适配器设置为许可模式
-
@BrianCain 这些数据包是无线的
-
你能在有线连接上尝试相同的代码吗?另外,如果你安装了 Wireshark,你会看到有问题的数据包吗?
标签: python sockets packet-sniffers sniffing sniffer