1 # coding:utf8
2 import socket
3 import os
4 import struct
5 from ctypes import *
6
7 # 嗅探主机上面流经的所有数据包 并转换成ip地址流向
8
9 # 监听的主机
10 host = "192.168.1.2"
11
12 # IP头定义 定义了一个 Structure 的结构体
13 class IP(Structure):
14 _fields_ = [
15 ("ih1", c_ubyte, 4),
16 ("version", c_ubyte, 4),
17 ("tos", c_ubyte),
18 ("len", c_ushort),
19 ("id", c_ushort),
20 ("offset", c_ushort),
21 ("ttl", c_ubyte),
22 ("protocol_num", c_ubyte),
23 ("sum", c_ushort),
24 ("src", c_ulong),
25 ("dst", c_ulong),
26 ]
27
28 def __new__(self, socket_buffer=None):
29 # 把我们获取到的 网络包ip头生成IP实例
30 return self.from_buffer_copy(socket_buffer)
31 pass
32
33 def __init__(self, socket_buffer=None):
34 # 协议字段与协议名称对应
35 self.protocol_map = {1:"ICMP", 6:"TCP", 17:"UDP"}
36
37 # 可读性更强的IP地址
38 # 使用了python struct库的pack方法 用指定的格式化参数将src 和dst的long型数值转换为字符串,
39 # 然后使用socket.inet_ntoa方法将字符串的一串数字转换为对应的ip格式。最后赋值给对应的src或者dst变量
40 self.src_address = socket.inet_ntoa(struct.pack("L", self.src))
41 self.dst_address = socket.inet_ntoa(struct.pack("L", self.dst))
42
43 # 协议类型
44 try:
45 self.protocol = self.protocol_map[self.protocol_num]
46 except :
47 self.protocol = str(self.protocol_num)
48
49 if os.name == 'nt':
50 socket_protocol = socket.IPPROTO_IP
51 else:
52 socket_protocol = socket.IPPROTO_ICMP
53
54
55 sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
56
57 sniffer.bind((host, 0))
58
59 sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
60
61 if os.name == 'nt':
62 sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
63
64 try:
65 while True:
66 #读取数据包
67 raw_buffer = sniffer.recvfrom(65565)[0]
68
69 # 将缓冲区的前20个字节按IP头进行解析
70 ip_header = IP(raw_buffer[0:20])
71 print "raw_buffer is %s " % raw_buffer[0:20]
72 # 输出协议和通信双方IP地址
73 print "Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
74
75 pass
76
77 # 处理 ctrl-c
78 except KeyboardInterrupt:
79 # 如果运行在Windows上, 关闭混杂模式
80 if os.name == 'nt':
81 sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
