抓包、python网络编程之tcp、udp例子

抓包

tcpdump

  • 可以将网络中传送的数据包截获下来进行分析
  • -i:指定要监听的网卡(interface)

-

[root@server5 ~]# tcpdump -i ens33 
11:09:26.967399 IP server5.example.com.ssh > localhost.53420: Flags [P.], seq 3438092:3438272, ack 521, win 251, length 180

  • -nn:以IP和端口号的数字形式显示来源主机和目的主机(不做主机名和服务名解析)

-

[root@server3 ~]# ping -c 5 192.168.109.138
PING 192.168.109.138 (192.168.109.138) 56(84) bytes of data.
64 bytes from 192.168.109.138: icmp_seq=1 ttl=64 time=1.50 ms
64 bytes from 192.168.109.138: icmp_seq=2 ttl=64 time=0.215 ms
64 bytes from 192.168.109.138: icmp_seq=3 ttl=64 time=0.584 ms
64 bytes from 192.168.109.138: icmp_seq=4 ttl=64 time=0.236 ms
64 bytes from 192.168.109.138: icmp_seq=5 ttl=64 time=0.226 ms
[root@server5 ~]# tcpdump -i ens33 -nn 'icmp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 65535 bytes
11:13:52.860920 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 1, length 64
11:13:52.860972 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 1, length 64
11:13:53.862829 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 2, length 64
11:13:53.862874 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 2, length 64
11:13:54.864056 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 3, length 64
11:13:54.864115 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 3, length 64
11:13:55.864911 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 4, length 64
11:13:55.864961 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 4, length 64
11:13:56.865994 IP 192.168.109.131 > 192.168.109.138: ICMP echo request, id 25157, seq 5, length 64
11:13:56.866044 IP 192.168.109.138 > 192.168.109.131: ICMP echo reply, id 25157, seq 5, length 64

-

  • -A:以ASCII方式显示数据包内容(常用于抓取web数据);HTTP等明文协议中的Cookie、口令会原样出现在输出中
  • -X:数据包将会以十六进制和ASCII方式显示;常见表达式:host(主机)、port(端口)、src host(发包主机)、dst host(收包主机);多个条件可用 and、or 组合,用 ! 取反。

-

[root@server5 ~]# tcpdump -i ens33 -nn 'src host 192.168.109.138'

11:20:33.812916 IP 192.168.109.138.22 > 192.168.109.1.53420: Flags [P.], seq 2067212:2067392, ack 313, win 273, length 180

[root@server5 ~]# tcpdump -i ens33 -nn 'dst host 192.168.109.138'

11:21:45.176663 IP 192.168.109.1.53420 > 192.168.109.138.22: Flags [.], ack 1762294598, win 256, length 0


[root@server5 ~]# tcpdump -i ens33 -nnA 'port 80'

n........*.....M.....H.y..qR.0..aUqX....R._...?,e......~..........@t.........!...T....P>Q...`DPR..,[email protected]. ...yh.
.......*...Me.n.".....zk...?M.....TO....P4w........jQ;.
..d5Y....$A..KTZ76b.......CE.0E.:q.5..'\\L[..#[email protected]!......P......LS#.)RaG..-! u.....(..|..&..c.b.S^.t<....B......nj"j...s    



[root@server2 ~]# curl 192.168.109.138:80
curl: (7) Failed connect to 192.168.109.138:80; No route to host

[root@server5 ~]# tcpdump -i ens33 -nnA 'port 80 and src host 192.168.109.136'

..j........
11:28:23.459622 IP 192.168.109.136.58326 > 192.168.109.138.80: Flags [S], seq 3779477931, win 29200, options [mss 1460,sackOK,TS val 177019357 ecr 0,nop,wscale 7], length 0
E..
  • -w:直接将分组写入文件中,不打印到屏幕
  • -c:指定要抓取的分组数量
  • -d:将匹配信息包的代码以人们能够理解的汇编格式给出
  • -dd:将匹配信息包的代码以C语言程序段格式给出
  • -ddd:将匹配信息包的代码以十进制形式给出

wireshark

  • 安装方便
  • 简单易用的界面
  • 提供丰富的界面

网络编程

套接字

  • 两种类型的套接字:基于文件和面向网络的;
  • Python支持:AF_UNIX、AF_NETLINK、AF_TIPC、AF_INET
  • 面向连接的套接字:SOCK_STREAM、AF_INET
  • 面向无连接的套接字:SOCK_DGRAM

网络编程实例

- 例子1,本机tcp进程通信

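### client.py ###
# Minimal TCP client for the local demo (Python 2): connects to localhost:5001
# and sends every line typed on stdin to the server, unframed.
import socket
from thread import *  # not used by this script; kept from the original listing
print "Client"
HOST = "localhost"
PORT = 5001
# AF_INET + SOCK_STREAM = TCP over IPv4; socket.socket() returns a socket object.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST,PORT))
try:
    while True:
        data2 = raw_input()
        # sendall() keeps writing until the whole string has been handed to the
        # kernel; it adds no delimiter, so message boundaries are not preserved.
        s.sendall(data2)
except (EOFError, KeyboardInterrupt):
    # End of input (Ctrl-D) or Ctrl-C: stop sending instead of dying with a
    # traceback. Deliberately silent; socket errors still propagate.
    pass
finally:
    # Always release the socket so the server sees an orderly close.
    s.close()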

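### server.py ###
# Minimal TCP server for the local demo (Python 2): accepts a single client on
# localhost:5001, prints whatever it receives, and prints "Pong!" on its own
# console when a chunk equals "Ping" (nothing is sent back to the client).
import socket
print "Server"
HOST = "localhost"  # loopback only: the listener is not reachable from other hosts
PORT = 5001
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
conn, addr = s.accept()
print 'Connected by', addr
try:
    while 1:
        data = conn.recv(1024)
        if not data:
            # recv() returns an empty string once the peer has closed the
            # connection. Without this check the loop spins forever printing
            # empty lines and the close() below is never reached.
            break
        print data
        # TCP is a byte stream: one recv() is not guaranteed to match one
        # send(), so this exact comparison only works for the simple demo where
        # each typed line arrives as a single chunk.
        if data == "Ping":
            print "Pong!"
finally:
    conn.close()
    s.close()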

-

- 例子2 不同网段tcp通信

[root@server2 ~]# cat test.py 
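# Fetch a reply from www.baidu.com over a raw TCP socket (Python 2).
# The request goes out as plain HTTP on port 80, so both the request and the
# reply cross the network unencrypted.
import socket
import sys  # needed for sys.exit() below; the original listing never imported it
from thread import *  # not used by this script; kept from the original listing
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Socket Created' # the socket object now exists, nothing is connected yet
host = 'www.baidu.com'
port = 80
try:
    # Resolve the host name to an IPv4 address string.
    remote_ip = socket.gethostbyname( host )
except socket.gaierror:
    # Report a resolution failure only when the lookup really failed; an
    # unconditional print here shows this message even on success.
    print 'Hostname could not be resolved. Exiting'
    sys.exit(1)
s.connect((remote_ip , port)) # connect using the resolved IP and the port
print 'Socket Connected to ' + host + ' on ip ' + remote_ip
# Request the front page. NOTE(review): HTTP/1.1 requests are required to carry
# a Host header and this one has none, so the server may answer with an error
# or a redirect instead of the page.
message="GET / HTTP/1.1\r\n\r\n"
try:
    s.sendall(message) # send the request
except socket.error:
    print 'Send failed'
    sys.exit(1)
print "Message send successfully"
# A single recv() returns at most 4096 bytes and may hold only part of the reply.
reply=s.recv(4096)
print reply
s.close()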

[root@server2 ~]# python test.py
Socket Created
Hostname could not be resolved. Exiting
Socket Connected to www.baidu.com on ip 61.135.169.125
Message send successfully
HTTP/1.1 302 Moved Temporarily
Date: Wed, 16 Aug 2017 08:13:57 GMT
Content-Type: text/html
Content-Length: 215
Connection: Keep-Alive
Location: http://www.baidu.com/search/error.html
Server: BWS/1.1
X-UA-Compatible: IE=Edge,chrome=1
BDPAGETYPE: 3
Set-Cookie: BDSVRTM=0; path=/


302 Found

302 Found


pr-nginx_1-0-350_BRANCH Branch Time : Tue Aug 8 20:41:04 CST 2017

-

- 例子3 udp本机通信

[root@server2 ~]# cat udpclient.py 
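# UDP client for the local demo (Python 2): sends three greetings to
# 127.0.0.1:9999 and prints the reply to each one.
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
# UDP gives no delivery guarantee: without a timeout, a lost datagram or a
# server that is not running would leave recv() blocked forever.
s.settimeout(2.0)
try:
    for data in ['Moring','Afternoon','GoodNight']:
        s.sendto(data,("127.0.0.1",9999))
        try:
            # recv() accepts a datagram from any sender; use recvfrom() and
            # compare the address if the reply's origin matters.
            print s.recv(1024)
        except socket.timeout:
            print 'No reply for %s' % data
finally:
    s.close()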
[root@server2 ~]# cat udpserver.py
# UDP greeting server for the local demo (Python 2): waits for datagrams on
# 127.0.0.1:9999 and answers each one with "Hello,<payload>!".
import socket
#from thread import *
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Bound to the loopback address, so only processes on this host can reach it.
sock.bind(('127.0.0.1', 9999))
print 'Bind UDP on 9999...'
while 1:
    # recvfrom() returns the payload and the (ip, port) the datagram claims to
    # come from; UDP does not authenticate that source address.
    payload, peer = sock.recvfrom(1024)
    print 'Received from %s:%s' % peer
    reply = "Hello,%s!" % payload
    # The reply goes back to whatever address the datagram carried.
    sock.sendto(reply, peer)
[root@server2 ~]# python udpserver.py 
Bind UDP on 9999...
Received from 127.0.0.1:45357
Received from 127.0.0.1:45357
Received from 127.0.0.1:45357
[root@server2 ~]# python udpclient.py 
Hello,Moring!
Hello,Afternoon!
Hello,GoodNight!
异常 描述
error 套接字相关错误
herror 主机和地址相关错误
gaierror 地址相关错误
