
Python ARP sniffing with raw sockets: no reply packets

Reposted. Author: 太空狗. Updated: 2023-10-29 17:17:56

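To better understand networking concepts and improve my Python skills, I am trying to implement a packet sniffer in Python. I have just started learning Python, so the code could certainly be optimized ;)

I have implemented a packet sniffer that unpacks the Ethernet frame and the ARP header. I want to build it with raw sockets because I want to understand every byte in these headers, so please no Scapy help :)

The problem is that I don't receive any ARP reply packets. It is always opcode 1 and I

Here is my source code: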

import socket
import struct
import binascii

# Raw packet socket bound to EtherType 0x0806 (ARP); Linux only, needs CAP_NET_RAW
rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0806))

while True:

    packet = rawSocket.recvfrom(2048)

    # Ethernet header: destination MAC, source MAC, EtherType (14 bytes)
    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)

    # ARP header for Ethernet/IPv4 (28 bytes)
    arp_header = packet[0][14:42]
    arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)

    print("****************_ETHERNET_FRAME_****************")
    print("Dest MAC: ", binascii.hexlify(ethernet_detailed[0]).decode())
    print("Source MAC: ", binascii.hexlify(ethernet_detailed[1]).decode())
    print("Type: ", binascii.hexlify(ethernet_detailed[2]).decode())
    print("************************************************")
    print("******************_ARP_HEADER_******************")
    print("Hardware type: ", binascii.hexlify(arp_detailed[0]).decode())
    print("Protocol type: ", binascii.hexlify(arp_detailed[1]).decode())
    print("Hardware size: ", binascii.hexlify(arp_detailed[2]).decode())
    print("Protocol size: ", binascii.hexlify(arp_detailed[3]).decode())
    print("Opcode: ", binascii.hexlify(arp_detailed[4]).decode())
    print("Source MAC: ", binascii.hexlify(arp_detailed[5]).decode())
    print("Source IP: ", socket.inet_ntoa(arp_detailed[6]))
    print("Dest MAC: ", binascii.hexlify(arp_detailed[7]).decode())
    print("Dest IP: ", socket.inet_ntoa(arp_detailed[8]))
    print("*************************************************\n")

Can someone explain why I only receive these packets and no response packets?

Output:

****************_ETHERNET_FRAME_****************
Dest MAC: ffffffffffff
Source MAC: 0012bfc87243
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001
Source MAC: 0012bfc87243
Source IP: 192.168.2.1
Dest MAC: 000000000000
Dest IP: 192.168.2.226
*************************************************

Thanks! :)

Best answer

I think you need to specify socket protocol number 0x0003 to sniff everything, and then filter out non-ARP packets after the fact. This worked for me:

import socket
import struct
import binascii

# 0x0003 is ETH_P_ALL: the socket receives frames of every protocol
rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))

while True:

    packet = rawSocket.recvfrom(2048)

    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)

    # skip non-ARP packets (checked before unpacking the ARP header,
    # because other frames can be shorter than 42 bytes)
    ethertype = ethernet_detailed[2]
    if ethertype != b'\x08\x06':
        continue

    arp_header = packet[0][14:42]
    arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)

    print("****************_ETHERNET_FRAME_****************")
    print("Dest MAC: ", binascii.hexlify(ethernet_detailed[0]).decode())
    print("Source MAC: ", binascii.hexlify(ethernet_detailed[1]).decode())
    print("Type: ", binascii.hexlify(ethertype).decode())
    print("************************************************")
    print("******************_ARP_HEADER_******************")
    print("Hardware type: ", binascii.hexlify(arp_detailed[0]).decode())
    print("Protocol type: ", binascii.hexlify(arp_detailed[1]).decode())
    print("Hardware size: ", binascii.hexlify(arp_detailed[2]).decode())
    print("Protocol size: ", binascii.hexlify(arp_detailed[3]).decode())
    print("Opcode: ", binascii.hexlify(arp_detailed[4]).decode())
    print("Source MAC: ", binascii.hexlify(arp_detailed[5]).decode())
    print("Source IP: ", socket.inet_ntoa(arp_detailed[6]))
    print("Dest MAC: ", binascii.hexlify(arp_detailed[7]).decode())
    print("Dest IP: ", socket.inet_ntoa(arp_detailed[8]))
    print("*************************************************\n")

Sample output using arpping for a broadcast from the same host, and its reply:

****************_ETHERNET_FRAME_****************
Dest MAC: ffffffffffff
Source MAC: 000c29eb37bf
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001
Source MAC: 000c29eb37bf
Source IP: 192.168.16.133
Dest MAC: ffffffffffff
Dest IP: 192.168.16.2
*************************************************

****************_ETHERNET_FRAME_****************
Dest MAC: 000c29eb37bf
Source MAC: 005056f37861
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0002
Source MAC: 005056f37861
Source IP: 192.168.16.2
Dest MAC: 000c29eb37bf
Dest IP: 192.168.16.133
*************************************************
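
An added example (not part of the original answer): the same 14-byte Ethernet and 28-byte ARP layout unpacked into typed fields in network byte order, with parsing kept separate from the socket so it can run on stored frames. The names `parse_arp` and `build_frame` and the two sample frames are assumptions constructed here from the values in the output above; frames that are too short or are not Ethernet/IPv4 ARP return None instead of raising `struct.error`.

```python
import socket
import struct

ETH_P_ARP = 0x0806                          # EtherType for ARP
ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType: 14 bytes
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")   # Ethernet/IPv4 ARP body: 28 bytes
OPCODES = {1: "request", 2: "reply"}

def mac(raw):
    return ":".join("%02x" % b for b in raw)   # 6 raw bytes -> aa:bb:cc:dd:ee:ff

def parse_arp(frame):
    """Return a dict for an Ethernet/IPv4 ARP frame, None for anything else."""
    if len(frame) < ETH_HDR.size:
        return None                         # too short for an Ethernet header
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETH_P_ARP:
        return None                         # other traffic seen when sniffing with 0x0003
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None                         # truncated ARP body
    (htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                         # different address sizes, different layout
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        "opcode": op, "kind": OPCODES.get(op, "other"),
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
    }

def build_frame(dst, src, op, sha, spa, tha, tpa):
    """Pack an in-memory test frame from hex MACs and dotted IPs (never sent)."""
    h = bytes.fromhex
    return (ETH_HDR.pack(h(dst), h(src), ETH_P_ARP) +
            ARP_HDR.pack(1, 0x0800, 6, 4, op, h(sha), socket.inet_aton(spa),
                         h(tha), socket.inet_aton(tpa)))

# Constructed sample frames, built from the field values in the answer's output.
REQUEST = build_frame("ffffffffffff", "000c29eb37bf", 1, "000c29eb37bf",
                      "192.168.16.133", "ffffffffffff", "192.168.16.2")
REPLY = build_frame("000c29eb37bf", "005056f37861", 2, "005056f37861",
                    "192.168.16.2", "000c29eb37bf", "192.168.16.133")

if __name__ == "__main__":
    for f in (REQUEST, REPLY, REQUEST[:30], b"\x00" * 60):
        print(parse_arp(f))
```

In a live sniffer, `parse_arp(packet[0])` would replace the slicing and `struct.unpack` calls inside the receive loop.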

Regarding Python ARP sniffing with raw sockets and no reply packets, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/24415294/
