python arp嗅探原始套接字没有回复数据包 [英] Python arp sniffing raw socket no reply packets
问题描述
为了更好地理解网络概念并提高我的python技能,我尝试使用python实现数据包嗅探器.我刚刚开始学习python,因此当然可以对代码进行优化;)
to understand the network concepts a bit better and to improve my python skills I am trying to implement a packet sniffer with python. I have just started to learn python, so the code could be optimized of course ;)
我实现了一个数据包嗅探器,它将以太网帧和arp标头解包.我想使用原始套接字,因为我想了解这些标头中的每个字节,所以请不要轻易帮忙:)
I have implemented an packet sniffer which unpacks the ethernet frame and the arp header. I want to make it with raw sockets because I want to understand every byte within those headers, so please no scapy help :)
问题是,我不会收到任何arp回复数据包.它始终是操作码1和我
The problem is, that I won´t get any arp reply packet. It´s always opcode 1 and I
这是我的源代码:
import socket
import struct
import binascii
rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0806))
while True:
packet = rawSocket.recvfrom(2048)
ethernet_header = packet[0][0:14]
ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)
arp_header = packet[0][14:42]
arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
print "****************_ETHERNET_FRAME_****************"
print "Dest MAC: ", binascii.hexlify(ethernet_detailed[0])
print "Source MAC: ", binascii.hexlify(ethernet_detailed[1])
print "Type: ", binascii.hexlify(ethernet_detailed[2])
print "************************************************"
print "******************_ARP_HEADER_******************"
print "Hardware type: ", binascii.hexlify(arp_detailed[0])
print "Protocol type: ", binascii.hexlify(arp_detailed[1])
print "Hardware size: ", binascii.hexlify(arp_detailed[2])
print "Protocol size: ", binascii.hexlify(arp_detailed[3])
print "Opcode: ", binascii.hexlify(arp_detailed[4])
print "Source MAC: ", binascii.hexlify(arp_detailed[5])
print "Source IP: ", socket.inet_ntoa(arp_detailed[6])
print "Dest MAC: ", binascii.hexlify(arp_detailed[7])
print "Dest IP: ", socket.inet_ntoa(arp_detailed[8])
print "*************************************************\n"
有人可以解释一下为什么我只收到这些响应包吗?
could someone please explain me why I am getting no response packets just these?
输出:
****************_ETHERNET_FRAME_****************
Dest MAC: ffffffffffff
Source MAC: 0012bfc87243
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001
Source MAC: 0012bfc87243
Source IP: 192.168.2.1
Dest MAC: 000000000000
Dest IP: 192.168.2.226
*************************************************
到目前为止,谢谢! :)
Thanks so far! :)
推荐答案
我认为您需要指定套接字协议号0x0003
来嗅探所有内容,然后在事后过滤掉非ARP数据包.这对我有用:
I think you need to specify socket protocol number 0x0003
to sniff everything, and then filter out non-ARP packets after the fact. This worked for me:
import socket
import struct
import binascii
rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
while True:
packet = rawSocket.recvfrom(2048)
ethernet_header = packet[0][0:14]
ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)
arp_header = packet[0][14:42]
arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
# skip non-ARP packets
ethertype = ethernet_detailed[2]
if ethertype != '\x08\x06':
continue
print "****************_ETHERNET_FRAME_****************"
print "Dest MAC: ", binascii.hexlify(ethernet_detailed[0])
print "Source MAC: ", binascii.hexlify(ethernet_detailed[1])
print "Type: ", binascii.hexlify(ethertype)
print "************************************************"
print "******************_ARP_HEADER_******************"
print "Hardware type: ", binascii.hexlify(arp_detailed[0])
print "Protocol type: ", binascii.hexlify(arp_detailed[1])
print "Hardware size: ", binascii.hexlify(arp_detailed[2])
print "Protocol size: ", binascii.hexlify(arp_detailed[3])
print "Opcode: ", binascii.hexlify(arp_detailed[4])
print "Source MAC: ", binascii.hexlify(arp_detailed[5])
print "Source IP: ", socket.inet_ntoa(arp_detailed[6])
print "Dest MAC: ", binascii.hexlify(arp_detailed[7])
print "Dest IP: ", socket.inet_ntoa(arp_detailed[8])
print "*************************************************\n"
使用arpping
从同一主机广播的输出示例及其回复:
Sample output using arpping
broadcast from the same host and its reply:
****************_ETHERNET_FRAME_****************
Dest MAC: ffffffffffff
Source MAC: 000c29eb37bf
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001
Source MAC: 000c29eb37bf
Source IP: 192.168.16.133
Dest MAC: ffffffffffff
Dest IP: 192.168.16.2
*************************************************
****************_ETHERNET_FRAME_****************
Dest MAC: 000c29eb37bf
Source MAC: 005056f37861
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0002
Source MAC: 005056f37861
Source IP: 192.168.16.2
Dest MAC: 000c29eb37bf
Dest IP: 192.168.16.133
*************************************************
这篇关于python arp嗅探原始套接字没有回复数据包的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!