为了方便抓取请求,给家里智能电视提供源,做了这个,其实很多东西都可以做。
以下过滤规则相当于只抓取客户端 192.168.1.150 发出的包(只抓发送方向),端口为 80。
#!/usr/bin/env python
from ctypes import *
from winpcapy import *
import string
import time,os,sys
import platform
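# Work from the script's own directory so that a relative dump-file name is
# created next to the script. sys.path[0] is an empty string when there is no
# script file (for example under `python -c`), and os.chdir("") raises, so the
# directory change is skipped in that case.
_script_dir = sys.path[0]
if _script_dir:
    os.chdir(_script_dir)

# Python 3 renamed raw_input() to input(). Probe for the name itself instead
# of parsing the version string, so the alias exists whenever the builtin
# is missing.
try:
    raw_input
except NameError:
    raw_input = input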
# C prototype of the callback that pcap_loop() expects:
#   void packet_handler(u_char *dumpfile, const struct pcap_pkthdr *header,
#                       const u_char *pkt_data)
PHAND = CFUNCTYPE(None, POINTER(c_ubyte), POINTER(pcap_pkthdr), POINTER(c_ubyte))


def _packet_handler(param, header, pkt_data):
    """Append one captured packet to the open dump file.

    libpcap calls this once per delivered packet. ``param`` is the user
    pointer handed to pcap_loop(); it is not used here because the dumper is
    read from the module-level ``dumpfile`` instead.
    """
    # Reading a module-level name needs no ``global`` declaration.
    pcap_dump(dumpfile, header, pkt_data)


# Wrap the Python function as a C function pointer. The wrapper is bound to a
# module-level name, so it stays referenced for as long as the capture runs.
packet_handler = PHAND(_packet_handler)
# ctypes placeholders that the pcap calls further down fill in or replace.
alldevs = POINTER(pcap_if_t)()  # head of the device list; a NULL pointer for now
d = POINTER(pcap_if_t)          # rebound later while the device list is walked
adhandle = pcap_t               # rebound later to the opened capture handle
errbuf = create_string_buffer(PCAP_ERRBUF_SIZE)  # buffer for libpcap error text
# dumpfile = pcap_dumper_t

# Exactly one command-line argument is expected: the dump file to write.
if len(sys.argv) != 2:
    print("usage: %s filename" % sys.argv[0])
    sys.exit(-1)
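## Retrieve the device list on the local machine
if pcap_findalldevs(byref(alldevs), errbuf) == -1:
    # Format the message with %: passing errbuf.value as a second print()
    # argument left the %s placeholder unfilled.
    print("Error in pcap_findalldevs: %s\n" % errbuf.value)
    sys.exit(1)

## Print the list
# Walk the linked list through the pointers themselves. A NULL ctypes pointer
# is falsy, whereas reading .contents from one raises ValueError; testing the
# pointer first lets an empty device list reach the "No interfaces found"
# branch below instead of crashing.
i = 0  # number of devices listed; the interface prompt uses it as the upper bound
node = alldevs
while node:
    dev = node.contents
    i += 1
    print("%d. %s" % (i, dev.name))
    if dev.description:
        print(" (%s)\n" % dev.description)
    else:
        print(" (No description available)\n")
    node = dev.next

if i == 0:
    print("\nNo interfaces found! Make sure WinPcap is installed.\n")
    sys.exit(-1)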
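print("Enter the interface number (1-%d):" % i)
inum = raw_input('--> ')

# Parse the reply with int() and treat anything unparsable as 0, which the
# range check below rejects. The earlier substring test against string.digits
# turned a valid multi-digit choice such as "10" into 0, and passed an empty
# line on to int(), which raised ValueError.
try:
    inum = int(inum.strip())
except ValueError:
    inum = 0

if inum < 1 or inum > i:
    print("\nInterface number out of range.\n")
    ## Free the device list
    pcap_freealldevs(alldevs)
    sys.exit(-1)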
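## Jump to the selected adapter
# inum is 1-based, so follow inum - 1 "next" links from the head of the list.
d = alldevs
for _ in range(inum - 1):
    d = d.contents.next

## Open the adapter
# Arguments: device name, snapshot length 65536 (whole packets are kept),
# promiscuous mode off (0), 1000 ms read timeout, error buffer.
adhandle = pcap_open_live(d.contents.name, 65536, 0, 1000, errbuf)

# Test truthiness instead of comparing with None. When a ctypes binding
# declares a POINTER return type, a failed call comes back as a NULL pointer
# object, which is falsy but does not compare equal to None, so "== None"
# would miss the failure. Presumably winpcapy declares pcap_open_live that
# way (TODO confirm); "not" also covers a plain None return.
if not adhandle:
    print("\nUnable to open the adapter. %s is not supported by WinPcap\n" % d.contents.name)
    # pcap_open_live() stores the reason for the failure in errbuf.
    print("pcap_open_live: %s" % errbuf.value)
    ## Free the device list
    pcap_freealldevs(alldevs)
    sys.exit(-1)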
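#---------------------------------------
fcode = bpf_program()
# Netmask handed to pcap_compile(); presumably the /24 (255.255.255.0) value
# from the WinPcap samples - confirm it matches the capture network.
NetMask = 0xffffff

# The filter is the key part of this script:
#   tcp[tcpflags] & tcp-push != 0  -> TCP segments with the PSH flag set
#   src net 192.168.1.150          -> sent by this one client (a full
#                                     four-octet "net" matches a single address)
#   port 80                        -> source or destination port 80
# It is a bytes literal because pcap_compile() takes a C string: ctypes
# accepts bytes on both Python 2 and 3 but rejects a Python 3 str for a
# char* parameter (assumes winpcapy declares it as c_char_p - TODO confirm).
# The name also no longer shadows the builtin filter().
packet_filter = b"tcp[tcpflags] & tcp-push != 0 and src net 192.168.1.150 and port 80"

## compile the filter
if pcap_compile(adhandle, byref(fcode), packet_filter, 1, NetMask) < 0:
    print('\nError compiling filter: wrong syntax.\n')
    pcap_close(adhandle)
    sys.exit(-1)

## set the filter
if pcap_setfilter(adhandle, byref(fcode)) < 0:
    print('\nError setting the filter\n')
    pcap_close(adhandle)
    sys.exit(-1)
#---------------------------------------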
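## Open the dump file
# pcap_dump_open() takes the path as a C string, so a text path (Python 3
# sys.argv) is encoded first; a Python 2 str is already bytes and is passed
# through unchanged.
# NOTE(review): a non-ASCII file name may need the ANSI code page on Windows
# rather than the filesystem encoding - confirm if such names are used.
out_path = sys.argv[1]
if not isinstance(out_path, bytes):
    out_path = out_path.encode(sys.getfilesystemencoding())

# The dump receives every matching packet in full, payload included, so
# cleartext HTTP headers and bodies end up in the output file; store it
# where access is restricted.
dumpfile = pcap_dump_open(adhandle, out_path)

# Truthiness test: a NULL ctypes pointer is falsy but does not compare equal
# to None, so "== None" would not detect a failed open.
if not dumpfile:
    print("\nError opening output file\n")
    pcap_close(adhandle)
    sys.exit(-1)

print("\nlistening on %s... Press Ctrl+C to stop...\n" % d.contents.description)

## At this point, we no longer need the device list. Free it
pcap_freealldevs(alldevs)

## start the capture
support = cast(dumpfile, POINTER(c_ubyte))
exit_code = 0
try:
    # pcap_loop() is called for 5 packets at a time, so control returns to
    # Python regularly. A negative return value means the loop stopped on an
    # error or a break; leave instead of calling it again forever.
    while True:
        if pcap_loop(adhandle, 5, packet_handler, support) < 0:
            exit_code = -1
            break
except KeyboardInterrupt:
    # Ctrl+C is the documented way to stop; fall through to the cleanup.
    pass
finally:
    # Close the dumper so buffered packets reach the file, then release the
    # capture handle. The original cleanup sat after an endless loop and was
    # never reached.
    pcap_dump_close(dumpfile)
    pcap_close(adhandle)
sys.exit(exit_code)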