Python sniffing with packet capture

First, Introduction

Recently, I've been trying to get a proxy and read the data packets to sniff through traffic. So today I learned how to use Python to grab and unpack the package.

Two modules are used first

Dpkt (My Side ubuntu16.04 LTS) Python2.7 installed in the default

PCAP Installation

1 Install Pypcap

Then say, pypcap mainly used to grab packets or sniffer, DPKT used to unpack, I know dpkt is to unpack the transport layer and the transmission layer of the data is quite good, but for the application layer data interpretation is slag slag. Especially HTTP, so the HTTP part unpacked, was my own rewrite, and did not use Dpkt.http.Request and dpkt.http.Response. (The total of his mother error).

Second, the current to do:

(1) Normal decoding of request and response packets.

(2) Failure to interpret packet interpretation for long connection data transmission.

Third, the first to grasp the bag

1 ImportPcap2 Importdpkt3 4Sniffer = Pcap.pcap (name="eth1")#Name parameter = Interface Name5Sniffer.setfilter ("TCP")#Filter Sentence6  forPacket_time Packet_datainchSniifer:7     Pass8 9 #packet_time = packet Receive timeTen #Packet_data = Ethernet level Data

Four, unpacking:

1Packet = dpkt.ethernet.Ethernet (pdata)#Two-layer data message.2 Print "SRC ip:%d.%d.%d.%d"%Tuple (Map (ord,list (PACKET.DATA.SRC)))3 Print "DST ip:%d.%d.%d.%d"%Tuple (Map (ord,list (PACKET.DATA.DST)))4 Print "SRC port:%s"%Packet.data.data.sport5 Print "DST port:%s"%packet.data.data.dport

The HTTP part is the package I have solved myself:

1 defHttp_request_analyst (String):2string = String[1:-1]3method = String.Split (" ") [0]4         Print "Method:", Method5Path = String.Split (" ") [1]6         Print "Path:", Urllib.unquote (path)7Protover = String.Split (" ") [2].split ("\\r\\n") [0]8         Print "Protocol Version:", Protover9headers = String.Split ("\\r\\n\\r\\n") [0].split ("\\r\\n") [1:]Ten         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" One         Print "Header:" A          forHeaderinchheaders: -Header = Header.split (":") -                 Try: theHstr ="%s:%s"% (str (header[0]), str (header[1]))ifHEADER[0] not inch["Referer"]Else "%s:%s:%s"% (str (header[0]), str (header[1]), str (header[2])) -                 exceptException,ex: -                         Print "[*]", ex -                         PrintHeader + raw_input () -                 PrintHstr +         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" A         Print "Data:", String.Split ("\\r\\n") [-1]

1 defHttp_response_analyst (String):2string = String[1:-1]3Protover = String.Split (" ") [0]4         Print "Protocol Version:", Protover5Status_code = String.Split (" ") [1]6         Print "Response Code:", Status_code7status_string = String.Split (" ") [2].split ("\\r\\n") [0]8         Print "Reposne String:", Status_string9headers = String.Split ("\\r\\n\\r\\n") [0].split ("\\r\\n") [1:]Ten         Printrepr (Headers) One         Printrepr (String) A         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" -         Print "Header:" -          forHeaderinchheaders: theHeader = Header.split (":") -                 Try: -Hstr ="%s:%s"% (str (header[0]), str (header[1]))ifHEADER[0] not inch["Referer"]Else "%s:%s:%s"% (str (header[0]), str (header[1]), str (header[2])) -                 exceptException,ex: +                         Print "[*]", ex -                         PrintHeader + raw_input () A                 PrintHstr at         Print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" -         Print "Data:", String.Split ("\\r\\n") [-1]

Six, the effect of:

Python sniffing with packet capture