Recently I received the network security book *Black Hat Python*, published by the Electronic Industry Press. The book contains 24 experiments; today I reproduce the 6th one, the IP header decoder. My test environment is a MacBook Pro with a conda development environment plus a separate Windows computer: none of the Windows systems (VMs) on the MBP could obtain an IP address on the bridged adapter, so I had no choice but to use a second physical Windows machine. The goal of the experiment is to extract the protocol, source IP and destination IP from raw network packets, with code that runs on both Windows and Linux. Note that opening a raw socket requires root/Administrator privileges, and on Windows the script switches the adapter into receive-all (SIO_RCVALL) mode, so run it only on networks you are authorised to monitor.
1. Test UDP requests on mbp
2. On the MBP only ICMP packets are captured (the non-Windows branch opens the raw socket on IPPROTO_ICMP), so what we see are the ICMP "port unreachable" replies generated because UDP port 8888 is not open.
3. Run the script on the other Windows system and then browse the web: TCP, UDP and ICMP packets all appear. During my test I visited a well-known website whose page is full of hyperlinks, each of which generated TCP traffic, and both requests and replies are visible in the output.
Reference Code:
# -*- coding: utf-8 -*-
# @Time : 2022/6/5 9:45 AM
# @Author : ailx10
# @File : sniffer_ip_header_decode.py
import ipaddress
import os
import socket
import struct
import sys
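class IP:
    """Decode the fixed 20-byte IPv4 header at the front of a raw packet.

    Only the fixed part of the header is parsed: IPv4 options (present when
    ``ihl > 5``) are not read and the payload is not touched.  Multi-byte
    fields are decoded in network (big-endian) byte order.

    Attributes set on the instance:
        ver, ihl, tos, len, id, offset, ttl, protocol_num, sum -- the raw
            header fields.  ``offset`` still carries the flag bits in its top
            three bits; ``len`` is the total-length field, not the header
            length; ``sum`` is the header checksum as transmitted (not
            verified here).
        src, dst -- source/destination address as 4 raw bytes.
        src_address, dst_address -- the same as ``ipaddress.IPv4Address``.
        protocol -- "ICMP", "TCP" or "UDP", or the protocol number as a
            string for anything else.
        protocol_map -- the number -> name table used for ``protocol``.
    """

    HEADER_LEN = 20
    # "!" = network byte order.  The original used "<" (little-endian), which
    # byte-swapped len/id/offset/sum on every host; the single-byte and "4s"
    # fields were unaffected, which is why the printed output still looked right.
    HEADER_FORMAT = "!BBHHHBBH4s4s"
    PROTOCOL_MAP = {1: "ICMP", 6: "TCP", 17: "UDP"}

    def __init__(self, buff=None):
        """Parse *buff*, which must start with at least 20 bytes of IPv4 header.

        Args:
            buff: bytes-like object holding the packet (or just its header).
                Anything longer than 20 bytes is accepted; only the leading
                header is decoded.

        Raises:
            ValueError: if *buff* is None or shorter than 20 bytes.  The data
                comes off the wire, so a truncated frame must not turn into an
                opaque struct.error/TypeError deep inside the capture loop.
        """
        if buff is None or len(buff) < self.HEADER_LEN:
            raise ValueError(
                "IPv4 header needs %d bytes, got %s"
                % (self.HEADER_LEN, "None" if buff is None else len(buff))
            )
        header = struct.unpack_from(self.HEADER_FORMAT, buff, 0)
        # Version and header length share the first byte (high / low nibble).
        self.ver = header[0] >> 4
        self.ihl = header[0] & 0xF
        # NOTE: ver and ihl are not validated here; a non-IPv4 or malformed
        # header is still decoded field by field.  Check ver == 4 and ihl >= 5
        # before trusting len/offset or indexing past the header.
        self.tos = header[1]
        self.len = header[2]
        self.id = header[3]
        self.offset = header[4]
        self.ttl = header[5]
        self.protocol_num = header[6]
        self.sum = header[7]
        self.src = header[8]
        self.dst = header[9]
        self.src_address = ipaddress.ip_address(self.src)
        self.dst_address = ipaddress.ip_address(self.dst)
        # Kept as an instance attribute for compatibility with the original API.
        self.protocol_map = self.PROTOCOL_MAP
        try:
            self.protocol = self.protocol_map[self.protocol_num]
        except KeyError as e:
            # An unknown protocol is reported but not fatal: the decoder still
            # yields something printable for the sniffer loop.
            print("%s No protocol for %s" % (e, self.protocol_num))
            self.protocol = str(self.protocol_num)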
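def sniff(host):
    """Capture raw IPv4 packets on *host* and print protocol, source and destination.

    Requires raw-socket privilege (root on Linux/macOS, Administrator on
    Windows).  On Windows the socket is opened on IPPROTO_IP and switched to
    SIO_RCVALL so every IP packet reaching *host*'s interface is delivered;
    elsewhere a raw IPPROTO_ICMP socket is used, so only ICMP traffic is
    seen (which is why the non-Windows run in the write-up shows ICMP only).

    Args:
        host: local interface address to bind the raw socket to.

    Runs until interrupted (Ctrl-C) and then exits the process via
    sys.exit().  The socket is always closed and, on Windows, receive-all is
    switched off again, however the loop ends -- the original only did that
    on KeyboardInterrupt, so any other exception left the adapter in
    receive-all mode and the fd open.
    """
    if os.name == "nt":
        socket_protocol = socket.IPPROTO_IP
    else:
        socket_protocol = socket.IPPROTO_ICMP
    sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
    rcvall_enabled = False
    try:
        sniffer.bind((host, 0))
        # Ask for the IP header to be included in what recvfrom() returns.
        sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        if os.name == "nt":
            sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
            rcvall_enabled = True
        try:
            while True:
                raw_buffer = sniffer.recvfrom(65535)[0]
                # Packet contents are untrusted: skip anything shorter than a
                # minimal IPv4 header instead of letting one truncated frame
                # abort the whole capture.
                if len(raw_buffer) < 20:
                    continue
                ip_header = IP(raw_buffer[0:20])
                print("Protocol:%s %s->%s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address))
        except KeyboardInterrupt:
            sys.exit()
    finally:
        # Runs on Ctrl-C (SystemExit) and on any unexpected error alike.
        if rcvall_enabled:
            sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
        sniffer.close()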
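if __name__ == "__main__":
    # Usage: sniffer_ip_header_decode.py [HOST]
    #
    # HOST is the local interface address the raw socket binds to.  With no
    # argument the hard-coded lab address below is used -- change it for your
    # network or pass the address explicitly.  More than one argument is
    # rejected with a usage message rather than silently sniffing the default
    # address as the original did.
    if len(sys.argv) == 2:
        host = sys.argv[1]
    elif len(sys.argv) == 1:
        host = "192.168.0.102"
    else:
        sys.exit("usage: %s [HOST]" % sys.argv[0])
    sniff(host)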
Published on 2022-06-05 12:38