Python Packet Sniffer and Sockets for Noobs

Problem description

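So I have some questions about sockets and sniffer programming... I have just started programming and have a project in which I would like to use the information that is sent across my network.

I tried watching several videos on YouTube that talk about this process a little, and tried to find better material to research it further, but I haven't been able to find a source that makes sense to me.

The code I included came from a video on YouTube and seemed to make sense as they explained it, but I guess he might have been using Linux or something else, because Windows does not support AF_PACKET. After some research I found that people use AF_INET, but I got the error: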

OSError:[WinError 10043]尚未将请求的协议配置到系统中,或者不存在用于该协议的实现

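Is there a place or a way someone could explain sockets a little for me? I don't plan to use Windows for the final version of this project, and I also plan on modifying it for Bluetooth in the future, so I would like to learn the reasons behind things if I can find a way to do that.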

```python
import socket
import struct
import textwrap


def main():
    # This is the socket() call the question reports failing on Windows (WinError 10043).
    conn = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.ntohs(3))
    while True:
        raw_data, addr = conn.recvfrom(65535)
        dest_mac, src_mac, eth_proto, data = ethernet_frame(raw_data)
        print('\nEthernet Frame:')
        print('Destination: {}, Source: {}, Protocol: {}'.format(dest_mac, src_mac, eth_proto))


# Unpack Ethernet frame
def ethernet_frame(data):
    dest_mac, src_mac, proto = struct.unpack('! 6s 6s H', data[:14])
    # '!' already converts proto to host byte order, so no htons() is applied here.
    return get_mac_addr(dest_mac), get_mac_addr(src_mac), proto, data[14:]


# Get MAC address
def get_mac_addr(bytes_addr):
    bytes_str = map('{:02x}'.format, bytes_addr)
    return ':'.join(bytes_str).upper()


main()
```

Solution

The OSes on which you use a socket for packet sniffing are:

  1. Linux
  2. Irix

Windows is not on that list (neither are anything with "BSD" in the name, OS X, Solaris, HP-UX, AIX, etc.). Linux and Irix both happen to use sockets to do sniffing, but that's just their choice (and they didn't choose the same type of socket, they just happened to choose sockets).

If you want to write a sniffer, you're probably best advised to use a wrapper around libpcap/WinPcap, and let them deal with the painful details of the way packet sniffing is done on a particular operating system. Wrappers for Python include pylibpcap and pcapy; I don't know whether either of them work on Windows with WinPcap.

(Note that you are not guaranteed to get Ethernet headers on sniffed packets; you should call pcap_datalink(), or whatever the wrapper's equivalent is, and check its return value - if it's not DLT_EN10MB, or the wrapper's equivalent, you won't be getting Ethernet headers.)

AF_INET raw sockets, on any platform, aren't going to give you Ethernet headers. I don't know what you'll get with a protocol argument of 3 - 3 is the Internet protocol number for GGP, as per RFC 823 Appendix A, and that protocol is ancient and not used as far as I know; you'll probably end up with a socket on which you can send GGP packets and from which you can receive GGP packets, for what that's worth (which is not much). (Also, the arguments to the socket() call in C are in host byte order, and Python probably works the same, so you probably don't want that socket.ntohs() in there, not that it'll make a difference.)
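
The link-type check described in the answer above, as an added example that is not part of the original post: it dispatches on the value a wrapper's `pcap_datalink()` equivalent would return and decodes an Ethernet header only for `DLT_EN10MB`. The function names and sample bytes are constructed for illustration; `DLT_RAW` (12 on most platforms) stands for a capture that starts directly at the IP header.

```python
import socket
import struct

# pcap_datalink() values from libpcap's pcap/dlt.h
DLT_EN10MB = 1   # Ethernet: a 14-byte header precedes the payload
DLT_RAW = 12     # raw IP, no link-layer header (14 on OpenBSD)
ETHERTYPE_IPV4 = 0x0800


def format_mac(raw):
    return ":".join("{:02X}".format(b) for b in raw)


def parse_ipv4(data):
    """Decode protocol and addresses from the fixed 20-byte IPv4 header."""
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    proto, src, dst = struct.unpack("!9xB2x4s4s", data[:20])
    return {"proto": proto, "src": socket.inet_ntoa(src),
            "dst": socket.inet_ntoa(dst)}


def parse_packet(linktype, data):
    """Dispatch on the capture's link type instead of assuming Ethernet."""
    if linktype == DLT_EN10MB:
        if len(data) < 14:
            raise ValueError("truncated Ethernet header")
        dst, src, ethertype = struct.unpack("!6s6sH", data[:14])
        # "!" already yields host byte order; no htons()/ntohs() is needed.
        result = {"dst_mac": format_mac(dst), "src_mac": format_mac(src),
                  "ethertype": ethertype}
        if ethertype == ETHERTYPE_IPV4:
            result["ip"] = parse_ipv4(data[14:])
        return result
    if linktype == DLT_RAW:
        return {"ip": parse_ipv4(data)}
    raise ValueError("unsupported link type {}".format(linktype))


# Constructed sample: IPv4 header (TCP, documentation addresses, checksum 0).
SAMPLE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
SAMPLE_FRAME = bytes.fromhex("001122334455" "66778899aabb" "0800") + SAMPLE_IP

if __name__ == "__main__":
    print(parse_packet(DLT_EN10MB, SAMPLE_FRAME))
    print(parse_packet(DLT_RAW, SAMPLE_IP))
```

Decoding the headerless sample as Ethernet (`parse_packet(DLT_EN10MB, SAMPLE_IP)`) returns "MAC addresses" that are really IP header bytes, which is the failure the link-type check prevents.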
