Python sniffing with packet capture

Source: Internet
Author: User
Tags ord response code unpack

First, Introduction

Recently, I've been trying to get a proxy and read the data packets to sniff through traffic. So today I learned how to use Python to grab and unpack the package.

Two modules are used first

Dpkt (My Side ubuntu16.04 LTS) Python2.7 installed in the default

PCAP Installation

1 Install Pypcap

Then say, pypcap mainly used to grab packets or sniffer, DPKT used to unpack, I know dpkt is to unpack the transport layer and the transmission layer of the data is quite good, but for the application layer data interpretation is slag slag. Especially HTTP, so the HTTP part unpacked, was my own rewrite, and did not use Dpkt.http.Request and dpkt.http.Response. (The total of his mother error).

Second, the current to do:

(1) Normal decoding of request and response packets.

(2) Failure to interpret packet interpretation for long connection data transmission.

Third, the first to grasp the bag

1 ImportPcap2 Importdpkt3 4Sniffer = Pcap.pcap (name="eth1")#Name parameter = Interface Name5Sniffer.setfilter ("TCP")#Filter Sentence6  forPacket_time Packet_datainchSniifer:7     Pass8 9 #packet_time = packet Receive timeTen #Packet_data = Ethernet level Data

Four, unpacking:

1Packet = dpkt.ethernet.Ethernet (pdata)#Two-layer data message.2 Print "SRC ip:%d.%d.%d.%d"%Tuple (Map (ord,list (PACKET.DATA.SRC)))3 Print "DST ip:%d.%d.%d.%d"%Tuple (Map (ord,list (PACKET.DATA.DST)))4 Print "SRC port:%s"%Packet.data.data.sport5 Print "DST port:%s"%packet.data.data.dport

The HTTP part is the package I have solved myself:

1 defHttp_request_analyst (String):2string = String[1:-1]3method = String.Split (" ") [0]4         Print "Method:", Method5Path = String.Split (" ") [1]6         Print "Path:", Urllib.unquote (path)7Protover = String.Split (" ") [2].split ("\\r\\n") [0]8         Print "Protocol Version:", Protover9headers = String.Split ("\\r\\n\\r\\n") [0].split ("\\r\\n") [1:]Ten         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" One         Print "Header:" A          forHeaderinchheaders: -Header = Header.split (":") -                 Try: theHstr ="%s:%s"% (str (header[0]), str (header[1]))ifHEADER[0] not inch["Referer"]Else "%s:%s:%s"% (str (header[0]), str (header[1]), str (header[2])) -                 exceptException,ex: -                         Print "[*]", ex -                         PrintHeader + raw_input () -                 PrintHstr +         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" A         Print "Data:", String.Split ("\\r\\n") [-1]
1 defHttp_response_analyst (String):2string = String[1:-1]3Protover = String.Split (" ") [0]4         Print "Protocol Version:", Protover5Status_code = String.Split (" ") [1]6         Print "Response Code:", Status_code7status_string = String.Split (" ") [2].split ("\\r\\n") [0]8         Print "Reposne String:", Status_string9headers = String.Split ("\\r\\n\\r\\n") [0].split ("\\r\\n") [1:]Ten         Printrepr (Headers) One         Printrepr (String) A         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" -         Print "Header:" -          forHeaderinchheaders: theHeader = Header.split (":") -                 Try: -Hstr ="%s:%s"% (str (header[0]), str (header[1]))ifHEADER[0] not inch["Referer"]Else "%s:%s:%s"% (str (header[0]), str (header[1]), str (header[2])) -                 exceptException,ex: +                         Print "[*]", ex -                         PrintHeader + raw_input () A                 PrintHstr at         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" -         Print "Data:", String.Split ("\\r\\n") [-1]

Six, the effect of:

Python sniffing with packet capture

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.