Python 网络嗅探实验
#!/usr/bin/env python3.6
# coding: utf-8
import socket
import struct
import binascii
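# Parsed header fields, initialised up front so every name exists even
# before the first matching frame has been decoded.
version_ip = 0
IHL_ip = 0
Total_Length_ip = 0
TTL_ip = 0
Protocol_ip = 0
src_ip = 0
dest_ip = 0
src_tcp = 0
dest_tcp = 0
sqe_tcp = 0
ack_tcp = 0
syn_bit = 0
ack_bit = 1

# Frame layout used by the parser below.
ETH_HEADER_LEN = 14      # Ethernet II: dst MAC (6) + src MAC (6) + EtherType (2)
IP_MIN_HEADER_LEN = 20   # IPv4 header without options (IHL == 5)
TCP_FIXED_LEN = 14       # ports (4) + seq (4) + ack (4) + data offset (1) + flags (1)
TCP_FLAG_SYN = 0x02
TCP_FLAG_ACK = 0x10

# Packet-level raw socket (Linux only). Opening it needs CAP_NET_RAW, i.e. the
# script is normally run as root. Protocol 0x0800 (ETH_P_IP) asks the kernel
# for IPv4 frames only. The socket is not bound to an interface, so frames
# from every interface are delivered and filtered in the loop below.
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
try:
    # Keep sniffing until one TCP segment addressed to 127.0.0.1 is decoded.
    while True:
        # Frames longer than 2048 bytes are truncated by recvfrom(); only the
        # leading headers are parsed, so that is acceptable here.
        buf = s.recvfrom(2048)
        frame = buf[0]

        # Captured bytes are untrusted input: check every length before
        # unpacking so a short or malformed frame cannot raise struct.error.
        if len(frame) < ETH_HEADER_LEN + IP_MIN_HEADER_LEN:
            continue

        # ---- IPv4 header ----
        frame_ip_header_b = frame[ETH_HEADER_LEN:ETH_HEADER_LEN + IP_MIN_HEADER_LEN]
        (ver_ihl, _tos, Total_Length_ip, _ident, flags_frag,
         TTL_ip, Protocol_ip, _checksum, src_raw, dest_raw) = struct.unpack(
            "!BBHHHBBH4s4s", frame_ip_header_b)

        version_ip = ver_ihl >> 4     # high nibble of the first byte
        IHL_ip = ver_ihl & 0x0F       # low nibble, counted in 32-bit words
        if version_ip != 4 or IHL_ip < 5:
            continue                  # not IPv4, or impossible header length

        src_ip = socket.inet_ntoa(src_raw)
        dest_ip = socket.inet_ntoa(dest_raw)
        if dest_ip != '127.0.0.1':
            continue
        if Protocol_ip != socket.IPPROTO_TCP:
            continue
        # Only the first fragment of a datagram carries the TCP header.
        if flags_frag & 0x1FFF:
            continue

        # ---- TCP header ----
        # IP options move the TCP header, so the offset is derived from IHL
        # rather than assuming a fixed 20-byte IP header.
        tcp_offset = ETH_HEADER_LEN + IHL_ip * 4
        if len(frame) < tcp_offset + TCP_FIXED_LEN:
            continue
        tcp_frame_header_b = frame[tcp_offset:tcp_offset + TCP_FIXED_LEN]
        (src_tcp, dest_tcp, sqe_tcp, ack_tcp,
         _data_offset, tcp_flags) = struct.unpack("!HHIIBB", tcp_frame_header_b)

        syn_bit = (tcp_flags & TCP_FLAG_SYN) >> 1
        ack_bit = (tcp_flags & TCP_FLAG_ACK) >> 4   # ACK is bit 4 of the flags byte
        break
finally:
    # Release the raw socket even if the capture is interrupted.
    s.close()

# Print the decoded fields.
print('IP相关信息:')
print('IP版本号:', version_ip)
print('IP头长度:', IHL_ip * 4, '字节')  # real header length, including any options
print('协议:', Protocol_ip)
print('源IP地址:', src_ip)
print('目的IP地址:', dest_ip)
print('TCP相关信息:')
print('TCP目的端口:', dest_tcp)
print('TCP的确认号:', ack_tcp)
print('The syn bit is ', syn_bit)
print('The ack bit is ', ack_bit)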