Example of getting a native IP packet from a python foundation tutorial

  • 2020-04-02 13:24:25
  • OfStack

I have been working with raw sockets recently and wrote a few demo programs in Python, which I record here.

First let's look at a simple sniffer program:


#! /usr/bin/python3
# code for linux; opening a raw socket needs root (or CAP_NET_RAW)
import socket
#s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
while True:
    # each recvfrom() returns one whole IP datagram, header included
    print(s.recvfrom(65535))

Here the data is received directly from the raw socket and printed as-is. It is only a few lines of code and there is nothing to explain; if anything is unclear, look it up.

Once we can receive IP packets, the next job is to parse the IP header. Before that, let's look at how the header is defined in the RFC (RFC 791: http://www.ietf.org/rfc/rfc791.txt):

[Image: the header definition as printed in RFC 791]

That is, the corresponding diagram (the IPv4 header layout as drawn in RFC 791, section 3.1):

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

From the RFC and the figure above we can see how many bits each field of the IP header occupies. We can parse the header according to these definitions and then handle the packet according to whatever policy applies.
Here is a piece of Python code that parses the IP header (note that this demo only parses the fixed first 20 bytes; the IHL field can announce a longer header when options are present, and those option bytes are not decoded here):


def decodeIpHeader(packet):
    # packet is a bytes object; indexing it gives an int in Python 3, so the
    # ord() calls of the original Python 2 version are no longer needed
    mapRet = {}
    mapRet["version"] = (packet[0] & 0xF0) >> 4
    mapRet["headerLen"] = (packet[0] & 0x0F) << 2          # IHL counts 32-bit words
    mapRet["serviceType"] = hex(packet[1])
    mapRet["totalLen"] = (packet[2] << 8) + packet[3]
    mapRet["identification"] = (packet[4] << 8) + packet[5]   # high byte is shifted left, not right
    mapRet["flags"] = (packet[6] & 0xE0) >> 5               # the three flag bits (misnamed "id" originally)
    mapRet["fragOff"] = ((packet[6] & 0x1F) << 8) + packet[7]  # parentheses needed: + binds tighter than <<
    mapRet["ttl"] = packet[8]
    mapRet["protocol"] = packet[9]
    mapRet["checkSum"] = (packet[10] << 8) + packet[11]
    mapRet["srcaddr"] = "%d.%d.%d.%d" % (packet[12], packet[13], packet[14], packet[15])
    mapRet["dstaddr"] = "%d.%d.%d.%d" % (packet[16], packet[17], packet[18], packet[19])
    return mapRet

Calling code:


proto = socket.getprotobyname('tcp') # only tcp
sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, proto)
while True:
    packet = sock.recvfrom(65535)[0]
    if len(packet) == 0:
        sock.close()   # was "sck.close()", a typo
        break          # stop instead of reading from a closed socket
    else:
        #print(packet)
        mapIpTmp = decodeIpHeader(packet)
        for k, v in mapIpTmp.items():
            print(k, "\t:\t", v)
    print("")
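As an added example (not code from the original post), here is a Python 3 parser for the same header that also handles the option bytes the demo ignores (IHL greater than 5), verifies the RFC 791 header checksum and rejects packets whose lengths do not add up, so a malformed or truncated datagram raises an error instead of yielding garbage fields. The packet it parses is constructed inline; the builder helper, function names and sample addresses are assumptions.

```python
# Added example (not the post's code): Python 3 IPv4 parser with options, checksum and length checks.
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    # One's-complement sum of 16-bit words; yields 0 for a header whose checksum is correct
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_ipv4_header(packet: bytes) -> dict:
    """Parse the header; raise ValueError instead of trusting inconsistent lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or header_len > len(packet):
        raise ValueError("not a complete IPv4 header")
    if total_len < header_len or total_len > len(packet):
        raise ValueError("total length inconsistent with the bytes received")
    if ipv4_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {"version": version, "headerLen": header_len, "serviceType": tos,
            "totalLen": total_len, "identification": ident,
            "flags": flags_frag >> 13, "fragOff": flags_frag & 0x1FFF,
            "ttl": ttl, "protocol": proto, "checkSum": csum,
            "srcaddr": socket.inet_ntoa(src), "dstaddr": socket.inet_ntoa(dst),
            "options": packet[20:header_len], "payload": packet[header_len:total_len]}

def header_is_valid(packet: bytes) -> bool:
    try:
        decode_ipv4_header(packet)
        return True
    except ValueError:
        return False

def build_ipv4_header(src, dst, proto, payload_len, options=b""):
    # Constructed test header (DF set, TTL 64) with a correct checksum; not a real capture
    options += b"\x00" * (-len(options) % 4)          # options are padded to 32 bits
    ihl = 5 + len(options) // 4
    head = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + payload_len, 0x1234,
                       0x4000, 64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + options
    return head[:10] + struct.pack("!H", ipv4_checksum(head)) + head[12:]

# Constructed sample: TCP (6) from 10.0.0.1 to 10.0.0.2 with IHL = 6 (three NOP
# options plus End-of-Options) and 8 payload bytes, so total length is 32.
SAMPLE_PACKET = build_ipv4_header("10.0.0.1", "10.0.0.2", 6, 8, b"\x01\x01\x01\x00") + b"\xab" * 8
```

Feeding `decode_ipv4_header` the bytes returned by `sock.recvfrom(65535)[0]` in the loop above gives the same fields as `decodeIpHeader` plus the options and payload slices, and a packet that fails any check is rejected before its fields are used.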

