2014-06-25 58 views
13

Python ARP sniffing with raw sockets: no reply packets

To understand networking concepts a bit better and to improve my Python skills, I'm trying to implement a packet sniffer in Python. I've only just started learning Python, so the code can of course be optimized ;)

I have implemented a packet sniffer that unpacks the Ethernet frame and the ARP header. I want to use raw sockets because I want to understand every byte in these headers, so please no scapy help :)

The problem is that I don't get any ARP response packets. It's always opcode 1 and I

Here is my source code:

import socket
import struct
import binascii

# Raw packet socket bound to the ARP EtherType (0x0806) only
rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0806))

while True:

    packet = rawSocket.recvfrom(2048)

    # Ethernet header: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType
    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)

    # ARP header (28 bytes): htype, ptype, hlen, plen, opcode, sender MAC/IP, target MAC/IP
    arp_header = packet[0][14:42]
    arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)

    print "****************_ETHERNET_FRAME_****************"
    print "Dest MAC:  ", binascii.hexlify(ethernet_detailed[0])
    print "Source MAC:  ", binascii.hexlify(ethernet_detailed[1])
    print "Type:   ", binascii.hexlify(ethernet_detailed[2])
    print "************************************************"
    print "******************_ARP_HEADER_******************"
    print "Hardware type: ", binascii.hexlify(arp_detailed[0])
    print "Protocol type: ", binascii.hexlify(arp_detailed[1])
    print "Hardware size: ", binascii.hexlify(arp_detailed[2])
    print "Protocol size: ", binascii.hexlify(arp_detailed[3])
    print "Opcode:   ", binascii.hexlify(arp_detailed[4])
    print "Source MAC:  ", binascii.hexlify(arp_detailed[5])
    print "Source IP:  ", socket.inet_ntoa(arp_detailed[6])
    print "Dest MAC:   ", binascii.hexlify(arp_detailed[7])
    print "Dest IP:   ", socket.inet_ntoa(arp_detailed[8])
    print "*************************************************\n"

Could someone please explain to me why I only get these and no response packets?

OUTPUT:

****************_ETHERNET_FRAME_**************** 
Dest MAC:   ffffffffffff 
Source MAC:  0012bfc87243 
Type:    0806 
************************************************ 
******************_ARP_HEADER_****************** 
Hardware type: 0001 
Protocol type: 0800 
Hardware size: 06 
Protocol size: 04 
Opcode:   0001 
Source MAC:  0012bfc87243 
Source IP:  192.168.2.1 
Dest MAC:   000000000000 
Dest IP:   192.168.2.226 
************************************************* 

Thanks so far! :)

+0

I don't think it's the ARP opcode itself. Your 'recvfrom()' seems to only capture *inbound* packets, not outbound ones. In this case, opcode 2 (ARP reply) is outbound and isn't captured. – Santa

+0

If you run the script and have your machine send an ARP ping, you'll only see opcode 2 (ARP replies), not the original outbound ping. – Santa

Answer

14

I think you need to specify socket protocol number 0x0003 to sniff everything, and then filter out non-ARP packets after the fact. This worked for me:

import socket
import struct
import binascii

# 0x0003 is ETH_P_ALL on Linux: receive every Ethernet frame, inbound and outbound
rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))

while True:

    packet = rawSocket.recvfrom(2048)

    ethernet_header = packet[0][0:14]
    ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)

    arp_header = packet[0][14:42]
    arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)

    # skip non-ARP packets (EtherType 0x0806 is ARP)
    ethertype = ethernet_detailed[2]
    if ethertype != '\x08\x06':
        continue

    print "****************_ETHERNET_FRAME_****************"
    print "Dest MAC:  ", binascii.hexlify(ethernet_detailed[0])
    print "Source MAC:  ", binascii.hexlify(ethernet_detailed[1])
    print "Type:   ", binascii.hexlify(ethertype)
    print "************************************************"
    print "******************_ARP_HEADER_******************"
    print "Hardware type: ", binascii.hexlify(arp_detailed[0])
    print "Protocol type: ", binascii.hexlify(arp_detailed[1])
    print "Hardware size: ", binascii.hexlify(arp_detailed[2])
    print "Protocol size: ", binascii.hexlify(arp_detailed[3])
    print "Opcode:   ", binascii.hexlify(arp_detailed[4])
    print "Source MAC:  ", binascii.hexlify(arp_detailed[5])
    print "Source IP:  ", socket.inet_ntoa(arp_detailed[6])
    print "Dest MAC:   ", binascii.hexlify(arp_detailed[7])
    print "Dest IP:   ", socket.inet_ntoa(arp_detailed[8])
    print "*************************************************\n"

Sample output for an arping broadcast from the same host and its reply:

****************_ETHERNET_FRAME_**************** 
Dest MAC:   ffffffffffff 
Source MAC:  000c29eb37bf 
Type:    0806 
************************************************ 
******************_ARP_HEADER_****************** 
Hardware type: 0001 
Protocol type: 0800 
Hardware size: 06 
Protocol size: 04 
Opcode:   0001 
Source MAC:  000c29eb37bf 
Source IP:  192.168.16.133 
Dest MAC:   ffffffffffff 
Dest IP:   192.168.16.2 
************************************************* 

****************_ETHERNET_FRAME_**************** 
Dest MAC:   000c29eb37bf 
Source MAC:  005056f37861 
Type:    0806 
************************************************ 
******************_ARP_HEADER_****************** 
Hardware type: 0001 
Protocol type: 0800 
Hardware size: 06 
Protocol size: 04 
Opcode:   0002 
Source MAC:  005056f37861 
Source IP:  192.168.16.2 
Dest MAC:   000c29eb37bf 
Dest IP:   192.168.16.133 
************************************************* 
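As an added example (not code from the question or from the answer above), here is a Python 3 version of the same Ethernet/ARP parser that both posts implement. It decodes the headers with `struct`, drops non-ARP frames by EtherType the way the answer does after the fact, and names the opcode so a request (1) and a reply (2) are easy to tell apart in a capture. The two sample frames are constructed from the answer's sample output; the `sniff_arp` function assumes Linux (`AF_PACKET` with `ETH_P_ALL = 0x0003`, so outbound replies are seen too) and CAP_NET_RAW or root.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

ETH_P_ALL = 0x0003   # Linux packet-socket protocol: every Ethernet frame, in and out
ETH_P_ARP = 0x0806   # EtherType of ARP
ARP_OPCODES = {1: "request", 2: "reply"}

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType (14 bytes)
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


@dataclass
class ArpPacket:
    dst_mac: str
    src_mac: str
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def opcode_name(self) -> str:
        return ARP_OPCODES.get(self.opcode, f"unknown({self.opcode})")


def parse_arp_frame(frame: bytes) -> Optional[ArpPacket]:
    """Decode one Ethernet frame; return None unless it is an Ethernet/IPv4 ARP packet."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETH_P_ARP:
        return None  # same post-capture filter as the answer's '\x08\x06' check
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet hardware / IPv4 protocol addresses handled here
    return ArpPacket(mac_str(dst), mac_str(src), op,
                     mac_str(sha), socket.inet_ntoa(spa),
                     mac_str(tha), socket.inet_ntoa(tpa))


def count_opcodes(frames) -> dict:
    """Tally ARP opcodes seen in a list of raw frames, ignoring non-ARP traffic."""
    counts: dict = {}
    for frame in frames:
        pkt = parse_arp_frame(frame)
        if pkt is not None:
            counts[pkt.opcode_name] = counts.get(pkt.opcode_name, 0) + 1
    return counts


# Constructed sample frames, assembled from the answer's sample output (hex on the wire).
SAMPLE_ARP_REQUEST = bytes.fromhex(
    "ffffffffffff" "000c29eb37bf" "0806"            # Ethernet: broadcast, src, ARP
    "0001" "0800" "06" "04" "0001"                  # ARP: Ethernet/IPv4, opcode 1
    "000c29eb37bf" "c0a81085"                       # sender 00:0c:29:eb:37:bf / 192.168.16.133
    "ffffffffffff" "c0a81002")                      # target (unknown MAC) / 192.168.16.2
SAMPLE_ARP_REPLY = bytes.fromhex(
    "000c29eb37bf" "005056f37861" "0806"
    "0001" "0800" "06" "04" "0002"                  # opcode 2
    "005056f37861" "c0a81002"                       # sender 00:50:56:f3:78:61 / 192.168.16.2
    "000c29eb37bf" "c0a81085")                      # target 00:0c:29:eb:37:bf / 192.168.16.133
SAMPLE_IPV4_FRAME = bytes.fromhex("000c29eb37bf" "005056f37861" "0800") + bytes(28)  # not ARP


def sniff_arp(iface: Optional[str] = None) -> None:
    """Live capture (Linux only, needs CAP_NET_RAW); prints each ARP packet with its opcode name."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL)) as s:
        if iface:
            s.bind((iface, 0))
        while True:
            frame, _ = s.recvfrom(65535)
            pkt = parse_arp_frame(frame)
            if pkt is not None:
                print(f"ARP {pkt.opcode_name}: {pkt.sender_mac} {pkt.sender_ip} -> "
                      f"{pkt.target_mac} {pkt.target_ip}")


if __name__ == "__main__":
    for f in (SAMPLE_ARP_REQUEST, SAMPLE_ARP_REPLY, SAMPLE_IPV4_FRAME):
        print(parse_arp_frame(f))
    print(count_opcodes([SAMPLE_ARP_REQUEST, SAMPLE_ARP_REPLY, SAMPLE_IPV4_FRAME]))
```

Run as-is to parse the constructed frames offline; call `sniff_arp("eth0")` (your interface name) on Linux to capture live. Because the socket is opened with `ETH_P_ALL` rather than `ETH_P_ARP`, the host's own outgoing replies appear in the capture alongside the incoming requests, which is the behaviour the answer's sample output shows.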

+0

OK, thanks! That definitely works! Now I have to analyze this behaviour! Thanks! – user3325230

+0

Thanks for the support! How did you know that protocol '0x0003' would sniff everything? I was reading the "Assigned Internet Protocol Numbers" document and it says that number "3" is GGP - Gateway-to-Gateway. – Matt

+1

The semantics of the third parameter ('proto') actually depend on the AF_* family given in the first parameter. For 'AF_PACKET', protocol '0x3' means "all Ethernet frames", or 'ETH_P_ALL' in the Linux headers. – Santa