Packet sniffing in Python (Windows)


Problem description

What is the best way to sniff network packets using Python?

I've heard from several places that the best module for this is a module called Scapy, unfortunately, it makes python.exe crash on my system. I would assume that it's just a problem with how I installed it, except that many other people have told me that it doesn't work particularly well on Windows. (If anyone is interested, I'm running Windows Vista, which might affect things).

Does anyone know of a better solution?

UPD:

After reading the answer telling me to install PyPcap, I messed around with it a bit and found out that Scapy, which I had tried using, was telling me to install PyPcap as well, except that it's a modified version for its use. It was this modified PyPcap that was causing the problem, apparently, since the example in the answer also caused a hang.

I installed the original version of PyPcap (from Google's site), and Scapy started working fine (I didn't try many things, but at least it didn't crash as soon as I started sniffing). I sent a new defect ticket to the Scapy developers: http://trac.secdev.org/scapy/ticket/166, hope they can do something with it.

Anyways, just thought I'd let y'all know.

Recommended answer

Use pypcap:

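import dpkt
import pcap

pc = pcap.pcap()      # construct pcap object (default capture device)
pc.setfilter('icmp')  # BPF filter: keep only ICMP packets
for timestamp, packet in pc:
    # repr() gives the structured field dump shown in the sample output
    print(repr(dpkt.ethernet.Ethernet(packet)))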

Sample output:

Ethernet(src='\x00\x03G\xb2M\xe4', dst='\x00\x03G\x06h\x18', data=IP(src='\n\x00\x01\x1c',
dst='\n\x00\x01\x10', sum=39799, len=60, p=1, ttl=128, id=35102, data=ICMP(sum=24667,
type=8, data=Echo(id=512, seq=60160, data='abcdefghijklmnopqrstuvwabcdefghi'))))

Ethernet(src='\x00\x03G\x06h\x18', dst='\x00\x03G\xb2M\xe4', data=IP(src='\n\x00\x01\x10',
dst='\n\x00\x01\x1c', sum=43697, len=60, p=1, ttl=255, id=64227, data=ICMP(sum=26715,
data=Echo(id=512, seq=60160, data='abcdefghijklmnopqrstuvwabcdefghi'))))
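To show what dpkt decodes in that dump, the following added example (not part of the original answer) parses an Ethernet/IPv4/ICMP echo frame with only the standard library and verifies both checksums. `SAMPLE_FRAME` is rebuilt from the fields printed for the first packet above, assuming tos=0, no IP options and no fragmentation; `inet_checksum` and `parse_icmp_frame` are names chosen for this example.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when data carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_frame(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / ICMP echo and verify both checksums."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet/IPv4/ICMP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4           # header length in bytes, options included
    if ihl < 20 or len(frame) < 14 + ihl + 8:
        raise ValueError("bad IPv4 header length")
    ip = frame[14:14 + ihl]
    (_, _, tot_len, ip_id, _, ttl, proto, _,
     ip_src, ip_dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if proto != 1:
        raise ValueError("not ICMP")
    icmp = frame[14 + ihl:14 + tot_len]     # tot_len excludes Ethernet padding
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _, _, echo_id, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "eth_src": src.hex(":"), "eth_dst": dst.hex(":"),
        "ip_src": socket.inet_ntoa(ip_src), "ip_dst": socket.inet_ntoa(ip_dst),
        "ttl": ttl, "ip_id": ip_id, "icmp_type": icmp_type,
        "echo_id": echo_id, "seq": seq, "payload": icmp[8:],
        "ip_sum_ok": inet_checksum(ip) == 0,
        "icmp_sum_ok": inet_checksum(icmp) == 0,
    }

# Constructed input: first frame of the sample output, rebuilt from its printed
# fields (assumed: tos=0, no IP options, no fragmentation).
SAMPLE_FRAME = (
    bytes.fromhex("000347066818" "000347b24de4" "0800")            # dst, src, IPv4
    + bytes.fromhex("4500003c891e0000" "80019b77" "0a00011c" "0a000110")
    + bytes.fromhex("0800605b0200eb00")                            # echo request
    + b"abcdefghijklmnopqrstuvwabcdefghi"
)

if __name__ == "__main__":
    print(parse_icmp_frame(SAMPLE_FRAME))
```

The embedded checksums 0x9b77 and 0x605b are the `sum=39799` and `sum=24667` values from the dump, so a passing verification confirms the rebuilt frame matches what was captured.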
