实验内容
设计一个可以监视网络的状态、数据流动情况以及网络上传输 的信息的网络嗅探器
代码
import socket
import threading
import time
import logging
import struct
import ctypes
activeDegree = dict()
flag = 1
'''
IP层 协议字段:占8比特。指明IP层所封装的上层协议类型,如ICMP(1)、IGMP(2) 、TCP(6)、UDP(17)
'''
def main():
global activeDegree
global glag
# 获取本机IP地址
HOST = socket.gethostbyname(socket.gethostname())
print("HOST: ", HOST)
# 创建原始套接字,适用于Windows平台
# 对于其他系统,要把socket.IPPROTO_IP替换为socket.IPPROTO_ICMP
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
s.bind((HOST, 0))
# s.connect((''))
# 设置在捕获数据包中含有IP包头
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# 启用混杂模式,捕获所有数据包
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
# 开始捕获数据包
while flag:
data, addr = s.recvfrom(65535)
mac_len = parse_mac(data)
ip_len, pro = parse_ip(data)
if pro == 6:
parse_tcp(data, ip_len)
elif pro == 1:
parse_icmp(data, ip_len)
# if len(data) - mac_len - ip_len >= 8:
elif pro == 17:
parse_udp(data, mac_len + ip_len)
# print('mac: ', mac)
# print('get addr', addr)
host = addr[0]
activeDegree[host] = activeDegree.get(host, 0) + 1
# if addr[0] != HOST:
# print(addr[0])
# 关闭混杂模式
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
s.close()
def parse_mac(raw_buffer):
# parse ethernet header
eth_length = 14
eth_header = raw_buffer[:eth_length]
eth = struct.unpack('!6s6sH', eth_header)
eth_protocol = socket.ntohs(eth[2])
print('Destination MAC : ' + eth_addr(raw_buffer[0:6]) + \
' Source MAC : ' + eth_addr(raw_buffer[6:12]) + ' Protocol : ' + str(eth_protocol))
# print('P->13/14: '+eth_protocol(raw_buffer[12:14]))
return eth_length
def eth_addr(a):
b = "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" % (a[0], a[1], a[2], a[3], a[4], a[5])
return b
def parse_tcp(raw_buffer, iph_length):
tcp_header = raw_buffer[iph_length: iph_length + 20]
tcph = struct.unpack('!HHLLBBHHH', tcp_header)
source_port = tcph[0]
dest_port = tcph[1]
sequence = tcph[2]
acknowledgement = tcph[3]
doff_reserved = tcph[4]
tcph_length = doff_reserved >> 4
print(('TCP => Source Port: {source_port}, Dest Port: {dest_port}'
' Sequence Number: {sequence} Acknowledgement: {acknowledgement}'
' TCP header length: {tcph_length}').format(
source_port=source_port, dest_port=dest_port,
sequence=sequence, acknowledgement=acknowledgement,
tcph_length=tcph_length
))
def parse_udp(raw_buffer, idx):
udph_length = 8
udp_header = raw_buffer[idx: idx + udph_length]
udph = struct.unpack('!HHHH', udp_header)
source_port = udph[0]
dest_port = udph[1]
length = udph[2]
checksum = udph[3]
print(('UDP => Source Port: {source_port}, Dest Port: {dest_port} '
'Length: {length} CheckSum: {checksum}').format(
source_port=source_port, dest_port=dest_port,
length=length, checksum=checksum
))
def parse_ip(raw_buffer):
# IP 头
ip_header = raw_buffer[0:20]
# 解析IP头
# see http://blog.guozengxin.cn/2013/07/25/python-struct-pack-unpack
iph = struct.unpack('!BBHHHBBH4s4s', ip_header)
version_ihl = iph[0]
version = version_ihl >> 4
ihl = version_ihl & 0xF
iph_length = ihl * 4
ttl = iph[5]
protocol = iph[6]
s_addr = socket.inet_ntoa(iph[8])
d_addr = socket.inet_ntoa(iph[9])
print(('IP -> Version: {version}, Header Length: {header},'
'TTL: {ttl}, Protocol: {protocol}, Source IP: {source},'
'Destination IP: {destination}').format(
version=version, header=iph_length,
ttl=ttl, protocol=protocol, source=s_addr,
destination=d_addr
))
return iph_length, protocol
def parse_icmp(raw_buffer, iph_length):
buf = raw_buffer[iph_length : iph_length + ctypes.sizeof(ICMP)]
icmp_header = ICMP(buf)
print(('ICMP -> Type:%d, Code: %d, CheckSum: %d'
% (icmp_header.type, icmp_header.code, icmp_header.checksum)))
class ICMP(ctypes.Structure):
"""ICMP 结构体"""
_fields_ = [
('type', ctypes.c_ubyte),
('code', ctypes.c_ubyte),
('checksum', ctypes.c_ushort),
('unused', ctypes.c_ushort),
('next_hop_mtu', ctypes.c_ushort)
]
def __new__(self, socket_buffer):
return self.from_buffer_copy(socket_buffer)
def __init__(self, socket_buffer):
pass
t = threading.Thread(target=main)
t.start()
time.sleep(60)
flag = 0
t.join()
for item in activeDegree.items():
print(item)