为了更好地理解网络概念并提高我的Python技能,我正在尝试使用Python实现数据包嗅探器。我刚开始学习Python,所以代码当然还可以优化;)
我已经实现了一个数据包嗅探器,可以解包以太网帧和ARP头。我想使用原始套接字来实现它,因为我想了解这些头中的每个字节,所以请不要使用Scapy帮助:)
问题是,我无法获得任何ARP回复包。它总是操作码1,而我...
以下是我的源代码:
import socket
import struct
import binascii
rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0806))
while True:
packet = rawSocket.recvfrom(2048)
ethernet_header = packet[0][0:14]
ethernet_detailed = struct.unpack("!6s6s2s", ethernet_header)
arp_header = packet[0][14:42]
arp_detailed = struct.unpack("2s2s1s1s2s6s4s6s4s", arp_header)
print "****************_ETHERNET_FRAME_****************"
print "Dest MAC: ", binascii.hexlify(ethernet_detailed[0])
print "Source MAC: ", binascii.hexlify(ethernet_detailed[1])
print "Type: ", binascii.hexlify(ethernet_detailed[2])
print "************************************************"
print "******************_ARP_HEADER_******************"
print "Hardware type: ", binascii.hexlify(arp_detailed[0])
print "Protocol type: ", binascii.hexlify(arp_detailed[1])
print "Hardware size: ", binascii.hexlify(arp_detailed[2])
print "Protocol size: ", binascii.hexlify(arp_detailed[3])
print "Opcode: ", binascii.hexlify(arp_detailed[4])
print "Source MAC: ", binascii.hexlify(arp_detailed[5])
print "Source IP: ", socket.inet_ntoa(arp_detailed[6])
print "Dest MAC: ", binascii.hexlify(arp_detailed[7])
print "Dest IP: ", socket.inet_ntoa(arp_detailed[8])
print "*************************************************\n"
请问为什么我只收到这些响应包而没有其他响应?
输出:
****************_ETHERNET_FRAME_****************
Dest MAC: ffffffffffff
Source MAC: 0012bfc87243
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001
Source MAC: 0012bfc87243
Source IP: 192.168.2.1
Dest MAC: 000000000000
Dest IP: 192.168.2.226
*************************************************
到目前为止,谢谢! :)
recvfrom()
似乎只能捕获入站数据包,而不能捕获出站数据包。在这种情况下,操作码2(ARP回复)是出站的,因此无法被捕获。 - Santa