Raw socket packet sniffer in Python 3.6 on Windows
Question
I am trying to sniff packets but I am getting strange output and I don't understand the reason.
So that's my code, please help me
(I'm using Python 3.6 on Windows 8.1)
import socket
import struct
import binascii
import textwrap

def main():
    # Get host
    host = socket.gethostbyname(socket.gethostname())
    print('IP: {}'.format(host))
    # Create a raw socket and bind it
    conn = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    conn.bind((host, 0))
    # Include IP headers
    conn.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    # Enable promiscuous mode
    conn.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
    while True:
        # Receive data
        raw_data, addr = conn.recvfrom(65536)
        # Unpack data
        dest_mac, src_mac, eth_proto, data = ethernet_frame(raw_data)
        print('\nEthernet Frame:')
        print("Destination MAC: {}".format(dest_mac))
        print("Source MAC: {}".format(src_mac))
        print("Protocol: {}".format(eth_proto))

# Unpack ethernet frame
def ethernet_frame(data):
    dest_mac, src_mac, proto = struct.unpack('!6s6s2s', data[:14])
    return get_mac_addr(dest_mac), get_mac_addr(src_mac), get_protocol(proto), data[14:]

# Return formatted MAC address AA:BB:CC:DD:EE:FF
def get_mac_addr(bytes_addr):
    bytes_str = map('{:02x}'.format, bytes_addr)
    mac_address = ':'.join(bytes_str).upper()
    return mac_address

# Return formatted protocol ABCD
def get_protocol(bytes_proto):
    bytes_str = map('{:02x}'.format, bytes_proto)
    protocol = ''.join(bytes_str).upper()
    return protocol

main()
From this code I get this output:
IP: 192.168.1.12

Ethernet Frame:
Destination MAC: 45:00:00:43:00:00
Source MAC: 40:00:2C:11:48:D3
Protocol: 4266

Ethernet Frame:
Destination MAC: 45:00:00:42:11:E7
Source MAC: 00:00:80:11:00:00
Protocol: C0A8

Ethernet Frame:
Destination MAC: 45:00:00:33:04:D6
Source MAC: 00:00:80:11:00:00
Protocol: C0A8
...
According to the EtherType list these protocols don't exist, and analysing my traffic with Wireshark I am sure that these MACs don't exist in my LAN.
So I'm definitely doing something wrong but I do not understand what.
Thanks in advance
Answer
The hint is that all your Destination MAC addresses start with 0x45. That's the first byte of the IP header. So your code is getting all the IP packets, but not the MAC header for those frames.