Python Packet Sniffer and Sockets for Noobs
Problem description
So I have some questions about sockets and sniffer programming... I've just started programming and have a project where I would like to use information that is sent across my network.
I tried watching several videos on youtube that talk about this process a little, and tried to find better material to research it further, but I haven't been able to find a source that makes sense to me.
The code I included came from a video on youtube and seemed to make sense as they explained it, but I guess he might have been using Linux or something else because Windows did not support AF_PACKET. After some research I found that people use AF_INET, but I got the error:
OSError: [WinError 10043] The requested protocol has not been configured into the system, or no implementation for it exists
Is there a place or a way someone might be able to explain sockets a little bit for me? I don't plan to use Windows for the final version of this project, and I also plan to modify it for Bluetooth in the future, so I would like to learn the reasoning behind things if I can find a way to do that.
```python
import socket
import struct
import textwrap


def main():
    # AF_INET + SOCK_RAW with protocol 3: this is the call that fails with WinError 10043 on Windows
    conn = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.ntohs(3))
    while True:
        raw_data, addr = conn.recvfrom(65535)
        dest_mac, src_mac, eth_proto, data = ethernet_frame(raw_data)
        print('\nEthernet Frame:')
        print('Destination: {}, Source: {}, Protocol: {}, Data: {}'.format(dest_mac, src_mac, eth_proto, data[:14]))


# unpack ethernet frame: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType
def ethernet_frame(data):
    dest_mac, src_mac, proto = struct.unpack('! 6s 6s H', data[:14])
    return get_mac_addr(dest_mac), get_mac_addr(src_mac), socket.htons(proto), data[14:]


# Get Mac Address as colon-separated hex
def get_mac_addr(bytes_addr):
    bytes_str = map('{:02x}'.format, bytes_addr)
    return ':'.join(bytes_str).upper()


main()
```
The OSes on which you use a socket for packet sniffing are:
- Linux
- Irix
Windows is not on that list (neither is anything with "BSD" in the name, OS X, Solaris, HP-UX, AIX, etc.). Linux and Irix both happen to use sockets to do sniffing, but that's just their choice (and they didn't choose the same type of socket, they just happened to choose sockets).
If you want to write a sniffer, you're probably best advised to use a wrapper around libpcap/WinPcap, and let them deal with the painful details of the way packet sniffing is done on a particular operating system. Wrappers for Python include pylibpcap and pcapy; I don't know whether either of them work on Windows with WinPcap.
(Note that you are not guaranteed to get Ethernet headers on sniffed packets; you should call pcap_datalink(), or whatever the wrapper's equivalent is, and check its return value - if it's not DLT_EN10MB, or the wrapper's equivalent, you won't be getting Ethernet headers.)
AF_INET raw sockets, on any platform, aren't going to give you Ethernet headers. I don't know what you'll get with a protocol argument of 3 - 3 is the Internet protocol number for GGP, as per RFC 823 Appendix A, and that protocol is ancient and not used as far as I know; you'll probably end up with a socket on which you can send GGP packets and from which you can receive GGP packets, for what that's worth (which is not much). (Also, the arguments to the socket() call in C are in host byte order, and Python probably works the same, so you probably don't want that socket.ntohs() in there, not that it'll make a difference.)
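As an added illustration of the answer's point about link types (this is not code from the question or the answer), the parser below dispatches on the pcap link-layer type: with DLT_EN10MB it strips the 14-byte Ethernet header first, with DLT_RAW (a headerless IP packet, which is what an AF_INET raw socket delivers) it parses the IP header directly, and it validates the IPv4 version and length fields instead of trusting them. The DLT_* values are libpcap's (DLT_RAW assumed to be 12, its Linux value); the sample packets are constructed inline.

```python
import socket
import struct
# libpcap link-layer types (what pcap_datalink() returns); DLT_RAW is 12 on Linux libpcap
DLT_EN10MB = 1   # Ethernet: a 14-byte header precedes the IP packet
DLT_RAW = 12     # raw IP, no link-layer header (what an AF_INET SOCK_RAW socket delivers)
ETH_P_IP = 0x0800

def mac_str(raw6):
    return ':'.join('{:02x}'.format(b) for b in raw6).upper()

def parse_ethernet(data):
    """Split a frame into (dst_mac, src_mac, ethertype, payload)."""
    if len(data) < 14:
        raise ValueError('frame shorter than an Ethernet header')
    dst, src, proto = struct.unpack('!6s6sH', data[:14])  # '!' already means network byte order
    return mac_str(dst), mac_str(src), proto, data[14:]

def parse_ipv4(data):
    """Return (proto, src_ip, dst_ip, payload) from an IPv4 packet, validating version and lengths."""
    if len(data) < 20:
        raise ValueError('packet shorter than an IPv4 header')
    fields = struct.unpack('!BBHHHBBH4s4s', data[:20])
    ver_ihl, total_len, proto, src, dst = fields[0], fields[2], fields[6], fields[8], fields[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(data) < total_len:
        raise ValueError('not a well-formed IPv4 packet')
    return proto, socket.inet_ntoa(src), socket.inet_ntoa(dst), data[ihl:total_len]

def decode(buf, linktype):
    """Dispatch on the capture's link type instead of assuming every buffer starts with Ethernet."""
    result = {}
    if linktype == DLT_EN10MB:
        result['dst_mac'], result['src_mac'], ethertype, buf = parse_ethernet(buf)
        if ethertype != ETH_P_IP:          # ARP, IPv6, ...: report the type, do not parse as IPv4
            result['ethertype'] = ethertype
            return result
    elif linktype != DLT_RAW:
        raise NotImplementedError('link type %d not handled here' % linktype)
    result['proto'], result['src_ip'], result['dst_ip'], result['payload'] = parse_ipv4(buf)
    return result

# Constructed sample: one IPv4/TCP packet, bare (as a raw IP socket delivers it) and Ethernet-framed.
IP_PKT = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + 2, 0, 0, 64, 6, 0,
                     socket.inet_aton('192.0.2.1'), socket.inet_aton('192.0.2.2')) + b'hi'
ETH_FRAME = (bytes.fromhex('001122334455') + bytes.fromhex('66778899aabb')
             + struct.pack('!H', ETH_P_IP) + IP_PKT)
if __name__ == '__main__':
    print(decode(ETH_FRAME, DLT_EN10MB))
    print(decode(IP_PKT, DLT_EN10MB))   # nonsense MACs: the IP header was read as Ethernet
```

The second print shows the failure mode the answer warns about: a headerless IP buffer parsed as Ethernet yields garbage MACs and an EtherType that is really the first two bytes of the source address.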