Python arp嗅探原始套接字沒有回復數據包
[英]Python arp sniffing raw socket no reply packets
問題描述
為了更好地理解網絡概念並提高我的python技能,我試圖用python實現數據包嗅探器。 我剛開始學習python,所以代碼當然可以優化;)
我已經實現了一個數據包嗅探器,它解壓縮了以太網幀和arp頭。 我想用原始套接字制作它,因為我想了解這些標題中的每個字節,所以請不要scapy幫助:)
問題是,我不會得到任何arp回復數據包。 它始終是操作碼1和我
這是我的源代碼:
import socket
import struct
import binascii
rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0806))
while True:
packet = rawSocket.recvfrom(2048)
ethernet_header = packet[0][0:14]
ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)
arp_header = packet[0][14:42]
arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
print "****************_ETHERNET_FRAME_****************"
print "Dest MAC: ", binascii.hexlify(ethernet_detailed[0])
print "Source MAC: ", binascii.hexlify(ethernet_detailed[1])
print "Type: ", binascii.hexlify(ethernet_detailed[2])
print "************************************************"
print "******************_ARP_HEADER_******************"
print "Hardware type: ", binascii.hexlify(arp_detailed[0])
print "Protocol type: ", binascii.hexlify(arp_detailed[1])
print "Hardware size: ", binascii.hexlify(arp_detailed[2])
print "Protocol size: ", binascii.hexlify(arp_detailed[3])
print "Opcode: ", binascii.hexlify(arp_detailed[4])
print "Source MAC: ", binascii.hexlify(arp_detailed[5])
print "Source IP: ", socket.inet_ntoa(arp_detailed[6])
print "Dest MAC: ", binascii.hexlify(arp_detailed[7])
print "Dest IP: ", socket.inet_ntoa(arp_detailed[8])
print "*************************************************\n"
有人可以解釋一下我為什么沒有得到這些響應包嗎?
OUTPUT:
****************_ETHERNET_FRAME_****************
Dest MAC: ffffffffffff
Source MAC: 0012bfc87243
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001
Source MAC: 0012bfc87243
Source IP: 192.168.2.1
Dest MAC: 000000000000
Dest IP: 192.168.2.226
*************************************************
謝謝到目前為止! :)
1 個解決方案
解決方案1
16 已采納 2014-06-25 18:39:00
我認為您需要指定套接字協議號0x0003來嗅探所有內容,然后在事后過濾掉非ARP數據包。 這對我有用:
import socket
import struct
import binascii
rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
while True:
packet = rawSocket.recvfrom(2048)
ethernet_header = packet[0][0:14]
ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)
arp_header = packet[0][14:42]
arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
# skip non-ARP packets
ethertype = ethernet_detailed[2]
if ethertype != '\x08\x06':
continue
print "****************_ETHERNET_FRAME_****************"
print "Dest MAC: ", binascii.hexlify(ethernet_detailed[0])
print "Source MAC: ", binascii.hexlify(ethernet_detailed[1])
print "Type: ", binascii.hexlify(ethertype)
print "************************************************"
print "******************_ARP_HEADER_******************"
print "Hardware type: ", binascii.hexlify(arp_detailed[0])
print "Protocol type: ", binascii.hexlify(arp_detailed[1])
print "Hardware size: ", binascii.hexlify(arp_detailed[2])
print "Protocol size: ", binascii.hexlify(arp_detailed[3])
print "Opcode: ", binascii.hexlify(arp_detailed[4])
print "Source MAC: ", binascii.hexlify(arp_detailed[5])
print "Source IP: ", socket.inet_ntoa(arp_detailed[6])
print "Dest MAC: ", binascii.hexlify(arp_detailed[7])
print "Dest IP: ", socket.inet_ntoa(arp_detailed[8])
print "*************************************************\n"
示例輸出使用arpping從相同的主機和答復廣播:
****************_ETHERNET_FRAME_****************
Dest MAC: ffffffffffff
Source MAC: 000c29eb37bf
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001
Source MAC: 000c29eb37bf
Source IP: 192.168.16.133
Dest MAC: ffffffffffff
Dest IP: 192.168.16.2
*************************************************
****************_ETHERNET_FRAME_****************
Dest MAC: 000c29eb37bf
Source MAC: 005056f37861
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0002
Source MAC: 005056f37861
Source IP: 192.168.16.2
Dest MAC: 000c29eb37bf
Dest IP: 192.168.16.133
*************************************************
Python原始套接字監聽UDP數據包; 只收到一半的數據包
[英]Python raw socket listening for UDP packets; only half of the packets received
嗅探接口上的流量時,托管到主機的Python socket.bind()不會顯示帶有SIO_RCVALL的傳入數據包
[英]Python socket.bind() to host does not show incoming packets with SIO_RCVALL while sniffing for traffic on an interface
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
沒有回復的 ARP 請求 raw sockets python
Python原始套接字沒有收到ICMP數據包
python中如何使用raw socket收發arp package
使用python嗅探網絡數據包
Python原始套接字監聽UDP數據包; 只收到一半的數據包
嗅探套接字通信-Python
嗅探接口上的流量時,托管到主機的Python socket.bind()不會顯示帶有SIO_RCVALL的傳入數據包
使用 python 嗅探收到的 HTTP 發布數據包
如何從python raw socket中的傳入數據包中獲取消息
Python 原始 Sockets (Windows):嗅探以太網幀
相關標簽