我使用Python中的原始套接字创建了一个简单的数据包嗅探器.
I created a simple packet sniffer using raw socket in Python.
import socket s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) while True: print s.recvfrom(1600)正在显示的互联网流量.但是,当我关闭主网络接口并通过lo接口(源和目标127.0.0.1)使用scapy发送syn数据包时,什么也没打印.
The internet traffic it's showing. But when I turn the primary network interface down and send syn packets using scapy through the lo interface (source and destination 127.0.0.1), There's nothing printed.
基本上,我使用scapy创建和发送10个syn数据包,其源和目标是127.0.0.1,这在Wireshark中可见.但是这不是嗅探器.我认为可能存在长度问题.因此,我将缓冲区大小设置为syn数据包的大小,即74(s.recvfrom(74)),但还是没有.一旦我再次打开主网络接口,它就会显示所有TCP通信.
Basically I create and send 10 syn packets using scapy whose source and destination is 127.0.0.1, which is visible in wireshark. But not in this sniffer. I thought there might be a problem of the length. So I set the buffer size to a syn packet's size i.e. 74 (s.recvfrom(74)), but still nothing. As soon as I turn the primary network interface up again, it shows all the TCP traffic.
我需要关闭网络接口,以免收到我自己创建的流量之外的其他流量.
I need to turn off the network interface so that I won't receive any other traffic other than my own created one.
我在哪里出错了?
推荐答案在Linux上:
soc = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(3)) soc.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 2**30) soc.bind(("eth0",0x0003))需要打开RAW而不是TCP.
编辑评论:
a = soc.recvform(65565)[0] h = binascii.hexlify(a) if h[24:30] == "080045" and h[46:48] == "06": # h[24:30] == "080045" Means IP (Type field of Ethernet Header # combined with IP Version and IP header length) # h[46:48] == "06" Means TCP (Ip Protocol field of IP Header) #do something with TCP packet"080045"的意思是:
0800 = IP 4 = IP版本(IPv4) 5 =标头长度(5个字,每个4个字节)
0800 = IP 4 = IP version (IPv4) 5 = Header length (5 words of 4 bytes each)
更多推荐
Python TCP原始套接字未在lo上侦听(localhost/127.0.0.1)
发布评论