|
马上注册,结交更多好友,享用更多功能^_^
您需要 登录 才可以下载或查看,没有账号?立即注册
x
首先先上源代码
- import struct
- import socket
- from ctypes import *
- host = "192.168.0.109"
- # IP头定义
- class IP(Structure):
- _fields_ = [
- ("ihl", c_ubyte, 4),
- ("version", c_ubyte, 4),
- ("tos", c_ubyte),
- ("len", c_ushort),
- ("id", c_ushort),
- ("offset", c_ushort),
- ("ttl", c_ubyte),
- ("protocol_num", c_ubyte),
- ("sum", c_ushort),
- ("src", c_uint),
- ("dst", c_uint),
- ]
- def __new__(self, socket_buffer=None):
- return self.from_buffer_copy(socket_buffer)
- def __init__(self, socket_buffer=None):
- self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}
- # readable ip address
- # print (struct.pack("L", self.src))
- self.src_address = socket.inet_ntoa(struct.pack("L", self.src))
- self.dst_address = socket.inet_ntoa(struct.pack("L", self.dst))
- #socket.inet_ntoa转换32位打包的IPV4地址为IP地址的标准点号分隔字符串表示
- #pack按照给定的格式(fmt),把数据封装成字符串(实际上是类似于c结构体的字节流)
- """
- fmt 格式
- FORMAT C TYPE PYTHON TYPE STANDARD SIZE NOTES
- x pad byte no value
- c char string of length 1 1
- b signed char integer 1 (3)
- B unsigned char integer 1 (3)
- ? _Bool bool 1 (1)
- h short integer 2 (3)
- H unsigned short integer 2 (3)
- i int integer 4 (3)
- I unsigned int integer 4 (3)
- l long integer 4 (3)
- L unsigned long integer 4 (3)
- q long long integer 8 (2), (3)
- """
-
- # type of protocol
- try:
- self.protocol = self.protocol_map[self.protocol_num]#解析ip头
- except:
- self.protocol = str(self.protocol_num)
- socket_protocol = socket.IPPROTO_IP
- sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
- sniffer.bind((host, 0))
- sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
- sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
- try:
- while True:
- raw_buffer = sniffer.recvfrom(65565)[0]
- ip_header = IP(raw_buffer[:20])
- print ("Protocol: %s %s -> %s " % (ip_header.protocol, ip_header.src_address, ip_header.dst_address))
- except KeyboardInterrupt:
- sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
复制代码
这段代码没有错,执行正常.,
只是不太明白
def __new__(self, socket_buffer=None):
return self.from_buffer_copy(socket_buffer)
self.from_buffer_copy(socket_buffer)的用法
还有sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON
这两句的用法
望大神能详细指点一下
|
|