我正在 try catch TCP 请求(入站)数据包。正如黑帽Python书中所描述的,这是嗅探器代码。但是这个嗅探器不会捕获tcp请求数据包。我需要从Windows运行环境捕获。
class IP(Structure):
_fields_ = [
("version", c_ubyte, 4),
("ihl", c_ubyte, 4),
("tos", c_ubyte),
("len", c_ushort),
("id", c_ushort),
("offset", c_ushort),
("ttl", c_ubyte),
("protocol_num", c_ubyte),
("sum", c_ushort),
("src", c_uint32),
("dst", c_uint32)
]
def __new__(self, socket_buffer=None):
return self.from_buffer_copy(socket_buffer)
def __init__(self, socket_buffer=None):
# map protocol constants to their names
self.protocol_map = {1:"ICMP", 6:"TCP", 17:"UDP"}
self.src_address = socket.inet_ntoa(struct.pack("@I",self.src))
self.dst_address = socket.inet_ntoa(struct.pack("@I",self.dst))
# human readable protocol
try:
self.protocol = self.protocol_map[self.protocol_num]
except:
self.protocol = str(self.protocol_num)
if os.name == "nt":
socket_protocol = socket.IPPROTO_IP
else:
socket_protocol = socket.IPPROTO_ICMP
sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# to set up promiscuous mode
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
try:
while True:
# read in a packet
raw_buffer = sniffer.recvfrom(65565)[0]
# create an IP header from the first 20 bytes of the buffer
ip_header = IP(raw_buffer[0:])
# print out the protocol that was detected and the hosts
print "Protocol: %s %s -> %s " % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
最佳答案
I used wireshark. it capture all incoming and outgoing packets. but python script only captures outgoing packets.
Wireshark 使用 libpcap/WinPcap,它使用操作系统的数据包捕获机制 (libpcap) 或 WinPcap (WinPcap) 的驱动程序提供的机制来捕获数据包。
这不是您正在使用的机制。鉴于您的代码是用 Python 编写的,您可能需要考虑使用 Scapy .
关于python - 如何捕获tcp请求包?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34552809/