python winpcap

from winpcapy import WinPcapDevices
from winpcapy import WinPcapUtils

import dpkt
import time
import datetime

# list_device = WinPcapDevices.list_devices()
# print(list_device)


def packet_callback(win_pcap, param, header, pkt_data):
    eth = dpkt.ethernet.Ethernet(pkt_data)
    # # 判断是否为IP数据报
    if not isinstance(eth.data, dpkt.ip.IP):
        print("Non IP packet type not supported ", eth.data.__class__.__name__)
        return
    # 抓IP数据包
    packet = eth.data
    # 取出分片信息
    df = bool(packet.off & dpkt.ip.IP_DF)
    mf = bool(packet.off & dpkt.ip.IP_MF)
    offset = packet.off & dpkt.ip.IP_OFFMASK

    # 输出数据包信息：time,src,dst,protocol,length,ttl,df,mf,offset,checksum
    output1 = {'time':time.strftime('%Y-%m-%d %H:%M:%S',(time.localtime()))}
    output2 = {'src':'%d.%d.%d.%d'%tuple(packet.src) , 'dst':'%d.%d.%d.%d'%tuple(packet.dst)}
    output3 = {'protocol':packet.p, 'len':packet.len, 'ttl':packet.ttl}
    output4 = {'df':df, 'mf':mf, 'offset':offset, 'checksum':packet.sum}
    print()
    print(output1)
    print(output2)
    print(output3)
    print(output4)

#WinPcapUtils.capture_on(pattern="Realtek PCIe GBE Family Controller", callback=packet_callback)
WinPcapUtils.capture_on(pattern="Intel(R) Dual Band Wireless-AC 3165", callback=packet_callback)

from winpcapy import WinPcapDevices
from winpcapy import WinPcapUtils

import dpkt
import time
import datetime

# list_device = WinPcapDevices.list_devices()
# print(list_device)


def packet_callback(win_pcap, param, header, pkt_data):
    eth = dpkt.ethernet.Ethernet(pkt_data)
    # # 判断是否为IP数据报
    if not isinstance(eth.data, dpkt.ip.IP):
        print("Non IP packet type not supported ", eth.data.__class__.__name__)
        return
    # 抓IP数据包
    packet = eth.data
    # 取出分片信息
    df = bool(packet.off & dpkt.ip.IP_DF)
    mf = bool(packet.off & dpkt.ip.IP_MF)
    offset = packet.off & dpkt.ip.IP_OFFMASK

    # 输出数据包信息：time,src,dst,protocol,length,ttl,df,mf,offset,checksum
    output1 = {'time':time.strftime('%Y-%m-%d %H:%M:%S',(time.localtime()))}
    output2 = {'src':'%d.%d.%d.%d'%tuple(packet.src) , 'dst':'%d.%d.%d.%d'%tuple(packet.dst)}
    output3 = {'protocol':packet.p, 'len':packet.len, 'ttl':packet.ttl}
    output4 = {'df':df, 'mf':mf, 'offset':offset, 'checksum':packet.sum}
    print()
    print(output1)
    print(output2)
    print(output3)
    print(output4)

#WinPcapUtils.capture_on(pattern="Realtek PCIe GBE Family Controller", callback=packet_callback)
WinPcapUtils.capture_on(pattern="Intel(R) Ethernet Connection I219-V", callback=packet_callback)

from winpcapy import WinPcapDevices
from winpcapy import WinPcapUtils

import dpkt
import time
import datetime,sys

# list_device = WinPcapDevices.list_devices()
# print(list_device)


def packet_callback(win_pcap, param, header, pkt_data):
    eth = dpkt.ethernet.Ethernet(pkt_data)
    # # 判断是否为IP数据报
    if not isinstance(eth.data, dpkt.ip.IP):
        print("Non IP packet type not supported ", eth.data.__class__.__name__)
        return
    # 抓IP数据包
    packet = eth.data
    print(packet)
    print(type(eth))
    print(type(eth.data))
    print(type(eth.data.data))
    print(type(eth.data.data.data))
    print(eth)
    print(eth.data.__bytes__())
    print(eth.data.__len__())
    print(eth.data.src.hex())
    print(eth.data.data.ulen)
     
    if not isinstance(eth.data, dpkt.ip.IP): #解包，网络层，判断网络层是否存在，
        pass
    ip = eth.data
    if not isinstance(ip.data, dpkt.udp.UDP): #解包，判断传输层协议是否是TCP，即当你只需要TCP时，可用来过滤
        pass
     
    # if not isinstance(ip.data, dpkt.udp.UDP):#解包，判断传输层协议是否是UDP
    #   continue        
    udp_data = eth.data.data #传输层负载数据，基本上分析流量的人都是分析这部分数据，即应用层负载流量
    if not len(udp_data.data): #如果应用层负载长度为0，即该包为单纯的tcp包，没有负载，则丢弃
        pass
     
    all_pcap_data[ts]= eth.data.data.data #将时间戳与应用层负载按字典形式有序放入字典中，方便后续分析.
    print(all_pcap_data[ts])
    all_pcap_data_hex[ts]=udp_data.data.hex()
    
    # 取出分片信息
    df = bool(packet.off & dpkt.ip.IP_DF)
    mf = bool(packet.off & dpkt.ip.IP_MF)
    offset = packet.off & dpkt.ip.IP_OFFMASK

    # 输出数据包信息：time,src,dst,protocol,length,ttl,df,mf,offset,checksum
    output1 = {'time':time.strftime('%Y-%m-%d %H:%M:%S',(time.localtime()))}
    output2 = {'src':'%d.%d.%d.%d'%tuple(packet.src) , 'dst':'%d.%d.%d.%d'%tuple(packet.dst)}
    output3 = {'protocol':packet.p, 'len':packet.len, 'ttl':packet.ttl}
    output4 = {'df':df, 'mf':mf, 'offset':offset, 'checksum':packet.sum}
    print()
    print(output1)
    print(output2)
    print(output3)
    print(output4)
    sys.exit(0)

#WinPcapUtils.capture_on(pattern="Realtek PCIe GBE Family Controller", callback=packet_callback)
WinPcapUtils.capture_on(pattern="Realtek PCIe GbE Family Controller", callback=packet_callback)

posted @ 2022-11-13 08:33 myrj 阅读(296) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

myrj

python winpcap

公告