After setting this series aside for a month and picking it up again, I am quite rusty. I found that the article "4.1 under" did not mention the pcap library, which it should have.
Among network data analysis tools, tcpdump is certainly the best known. Underneath tcpdump is the libpcap library, written in C. The pcapy module is a libpcap-based Python interface. Pcapy's project address on GitHub is: https://github.com/CoreSecurity/pcapy.
Let's take a look at how to implement a packet capture using Pcapy.
#!/usr/bin/python
import pcapy

dev = "eth0"                  # network interface to listen on
filter = "tcp and port 80"    # BPF filter expression

def handle_packet(hdr, data):
    # Called once for every captured packet; data is the raw packet
    print(data)

pcap = pcapy.open_live(dev, 1500, 0, 100)
pcap.setfilter(filter)
pcap.loop(0, handle_packet)

The code above is very simple. It first imports the pcapy module and then defines two variables: dev is the network interface to listen on, and filter is a filter expression in BPF format; here we capture only HTTP protocol data. The handle_packet function holds the logic for handling each captured packet. Here we simply print the captured data; in subsequent articles we will continue to extend this function to parse the data.
The last three lines of code are where we actually use pcapy to capture data.
pcap = pcapy.open_live(dev, 1500, 0, 100)
The first parameter of the open_live method is the device to open, the second is the size of the captured packet, the third is whether to turn on promiscuous mode, and the fourth is the delay time to wait for packets. The method returns a pcapy object.
pcap.setfilter(filter)
Call the setfilter method to set the filter.
pcap.loop(0, handle_packet)
Call the loop method to begin capturing packets. The first parameter is the number of executions (a value less than or equal to 0 means unlimited), and the second parameter is the packet handler.
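The walk-through above leaves handle_packet printing raw bytes. As an added example (not code from the original article), here is one way the callback could decode the Ethernet, IPv4 and TCP headers before printing. It assumes Python 3 and an Ethernet link layer; parse_frame, summarize and build_sample_frame are hypothetical helper names, and the sample frame is constructed so the block runs without pcapy or a live interface.

```python
import socket
import struct

def parse_frame(data):
    """Decode Ethernet + IPv4 + TCP headers from one captured frame (bytes).
    Returns a dict, or None for non-IPv4/TCP traffic or a frame cut off inside a header."""
    if len(data) < 14 or struct.unpack("!H", data[12:14])[0] != 0x0800:
        return None                           # too short, or EtherType is not IPv4
    ip = data[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length; >20 with options
    if ihl < 20 or len(ip) < ihl or ip[9] != 6:   # protocol 6 = TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]                   # total length trims Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4                 # TCP header length; >20 with options
    if doff < 20 or len(tcp) < doff:
        return None
    return {"src": socket.inet_ntoa(ip[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(ip[16:20]), "dport": dport,
            "payload": tcp[doff:]}

def summarize(data):
    """One-line summary of a frame, or None if parse_frame rejects it."""
    pkt = parse_frame(data)
    if pkt is None:
        return None
    first_line = pkt["payload"].split(b"\r\n", 1)[0].decode("ascii", "replace")
    return "%s:%d -> %s:%d %s" % (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], first_line)

def handle_packet(hdr, data):
    """Same callback signature as on the page: pass to pcap.loop(0, handle_packet)."""
    line = summarize(data)
    if line:
        print(line)

def build_sample_frame(payload):
    """Constructed test frame (documentation addresses, zero checksums)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    tcp = struct.pack("!HHLLBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

if __name__ == "__main__":
    handle_packet(None, build_sample_frame(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))
```

The length checks matter because the capture size passed to open_live can cut a frame short, in which case a header may be incomplete.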
Well, that is all there is to add. The results of running it are as follows:
Finally, thanks to the friends who have not given up on me!
Section 4.2, "4.1 Sniffer (sniffer) data analysis", has already been published first on the subscription account; to read it, open the subscription account and choose "Essence", then "Python Black Hat programming", from the menu.
You are welcome to follow "Xuan Soul Studio".
Python Black Hat programming 4.1 SNIFFER (Sniffer) data capture--supplemental