Raw socket packet sniffer in Python 3.6 on Windows


Problem description


I am trying to sniff packets but I am getting strange output and I don't understand the reason.
So that's my code, please help me
(I'm using Python 3.6 on Windows 8.1)

import socket
import struct
import binascii
import textwrap

def main():
    # Get the address of the local host (the interface the sniffer binds to)
    host = socket.gethostbyname(socket.gethostname())
    print('IP: {}'.format(host))

    # Create a raw IPv4 socket and bind it to the local address
    conn = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    conn.bind((host, 0))

    # Include IP headers
    conn.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    # Enable promiscuous mode (SIO_RCVALL is Windows-only and needs administrator rights)
    conn.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

    while True:
        # Receive data
        raw_data, addr = conn.recvfrom(65536)

        # Unpack data: the first 14 bytes are treated as an Ethernet header
        dest_mac, src_mac, eth_proto, data = ethernet_frame(raw_data)

        print('\nEthernet Frame:')
        print("Destination MAC: {}".format(dest_mac))
        print("Source MAC: {}".format(src_mac))
        print("Protocol: {}".format(eth_proto))

# Unpack ethernet frame: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType
def ethernet_frame(data):
    dest_mac, src_mac, proto = struct.unpack('!6s6s2s', data[:14])
    return get_mac_addr(dest_mac), get_mac_addr(src_mac), get_protocol(proto), data[14:]

# Return formatted MAC address AA:BB:CC:DD:EE:FF
def get_mac_addr(bytes_addr):
    bytes_str = map('{:02x}'.format, bytes_addr)
    mac_address = ':'.join(bytes_str).upper()
    return mac_address

# Return formatted protocol ABCD (EtherType as four hex digits)
def get_protocol(bytes_proto):
    bytes_str = map('{:02x}'.format, bytes_proto)
    protocol = ''.join(bytes_str).upper()
    return protocol

main()


From this code I get this output:

IP: 192.168.1.12


Ethernet Frame:
Destination MAC: 45:00:00:43:00:00
Source MAC: 40:00:2C:11:48:D3
Protocol: 4266


Ethernet Frame:
Destination MAC: 45:00:00:42:11:E7
Source MAC: 00:00:80:11:00:00
Protocol: C0A8


Ethernet Frame:
Destination MAC: 45:00:00:33:04:D6
Source MAC: 00:00:80:11:00:00
Protocol: C0A8


.
.
.


According to the EtherType list these protocols don't exist, and analysing my traffic with Wireshark I am sure that these MACs don't exist in my LAN.


So I'm definitely doing something wrong, but I do not understand what.
Thanks in advance

Recommended answer


The hint is that all your Destination MAC addresses start with 0x45. That's the first byte of the IP header. So your code is getting all the IP packets, but not the MAC header for those frames.
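To make the answer concrete, here is an added example (not code from the question or the answer) that treats the received bytes as what they are, an IPv4 packet starting at the IP header, instead of an Ethernet frame. `decode_misread` re-assembles the three strings the question's code printed and decodes them as the first 14 bytes of an IPv4 header; `ipv4_header` is a full header parser with length and checksum sanity checks; `sniff` is the corrected receive loop. The sample packet is constructed: its first 14 bytes are the second packet from the question's output (which already carries the host's 192.168 prefix), the remaining address bytes (192.168.1.12 as source, 192.168.1.1 as destination) and the zero payload are made up for this example.

```python
import socket
import struct

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ipv4_checksum(header):
    """RFC 1071 one's-complement checksum over an IPv4 header (checksum field zeroed)."""
    header = header[:10] + b"\x00\x00" + header[12:]
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(data):
    """Decode the IPv4 header at the start of `data`; returns (fields, payload)."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes for an IPv4 header")
    (version_ihl, tos, total_length, identification, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version = version_ihl >> 4
    header_len = (version_ihl & 0x0F) * 4    # IHL counts 32-bit words
    if version != 4:
        raise ValueError("not IPv4 (version field is %d)" % version)
    if header_len < 20 or header_len > total_length or total_length > len(data):
        raise ValueError("inconsistent IPv4 length fields")
    fields = {
        "version": version,
        "header_length": header_len,
        "tos": tos,
        "total_length": total_length,
        "identification": identification,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        "checksum": checksum,
        "checksum_ok": ipv4_checksum(data[:header_len]) == checksum,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }
    return fields, data[header_len:total_length]


def decode_misread(dest_mac, src_mac, proto):
    """Take the three strings the question's code printed as an Ethernet header
    (14 bytes in total) and decode them as the start of an IPv4 header."""
    raw = bytes.fromhex((dest_mac + src_mac + proto).replace(":", ""))
    version_ihl, _tos, total_length, _ident, _flags, ttl, protocol, _csum = \
        struct.unpack("!BBHHHBBH", raw[:12])
    return {
        "version": version_ihl >> 4,
        "header_length": (version_ihl & 0x0F) * 4,
        "total_length": total_length,
        "ttl": ttl,
        "protocol": IP_PROTOCOLS.get(protocol, str(protocol)),
        # bytes 12-13 are the first two octets of the source address,
        # which the original code printed as the "Protocol"
        "src_prefix": "%d.%d" % (raw[12], raw[13]),
    }


# Constructed sample: first 14 bytes taken from the question's second packet,
# address tails and payload made up for this example.
SAMPLE_IPV4_PACKET = bytes.fromhex(
    "45 00 00 42 11 E7 00 00 80 11 00 00 "   # v4/IHL=5, TOS, len 66, ID, flags, TTL 128, UDP, csum 0
    "C0 A8 01 0C "                           # source 192.168.1.12
    "C0 A8 01 01 "                           # destination 192.168.1.1 (constructed)
) + b"\x00" * (0x42 - 20)                    # pad to the declared total length


def sniff(host):
    """Corrected receive loop: parse each raw datagram as IPv4 (Windows-only ioctl)."""
    conn = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    conn.bind((host, 0))
    conn.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    conn.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)   # needs administrator rights
    try:
        while True:
            raw_data, _addr = conn.recvfrom(65536)
            try:
                fields, payload = ipv4_header(raw_data)
            except ValueError as err:
                print("skipped packet:", err)
                continue
            print("%s -> %s %s ttl=%d len=%d csum_ok=%s payload=%d bytes" % (
                fields["src"], fields["dst"], fields["protocol"], fields["ttl"],
                fields["total_length"], fields["checksum_ok"], len(payload)))
    finally:
        conn.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)


if __name__ == "__main__":
    print(decode_misread("45:00:00:42:11:E7", "00:00:80:11:00:00", "C0A8"))
    print(ipv4_header(SAMPLE_IPV4_PACKET)[0])
    # sniff(socket.gethostbyname(socket.gethostname()))  # run as administrator on Windows
```

Decoding the question's own output this way gives version 4, a 20-byte header, total length 66, TTL 128 and protocol 17 (UDP) for the second packet, and 66.102.x.x as the start of the first packet's source address, which is why none of the "EtherTypes" matched the list. A raw `AF_INET`/`IPPROTO_IP` socket on Windows hands you the packet from the IP header onward; the link-layer header is never part of it, so there is no MAC address to print. The parser refuses packets whose version or length fields are inconsistent and reports whether the header checksum verifies, so a caller sees a `checksum_ok` of `False` for the sample, whose checksum field is zero exactly as in the question's output.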
