scapy简单实现嗅探功能

一、安装环境

pip install scapy
pip install pypcapf
apt-get install libpcap-dev
apt-get install tcpdump
apt-get install graphviz
apt-get install imagemagick
apt-get install python-gnuplot
apt-get install python-crypto
apt-get install python-pyx

二、简单实现嗅探功能

#! /usr/bin/env python
#coding:utf-8
from scapy.all import *
import time

def timestamp2time(timestamp):
    timeArray = time.localtime(timestamp)
    mytime = time.strftime("%Y-%m-%d %H:%M:%S", timeArray)
    return mytime

def pack_callback(packet):
    if "host: " in str(packet.payload).lower():
        #print "TimeStamp:%s" % packet.time                 #当前时间
        #print "Sniff-Time:%s"% timestamp2time(packet.time) #当前时间
        #print "Src-IP:%s" % packet[IP].src                 #源IP地址
        #print "Src-Port:%s" % packet[TCP].sport            #源端口
        #print "Dst-IP:%s"%packet[IP].dst                   #目标IP地址
        #print "Dst-IP:%s" % packet[TCP].dport              #目标端口
        #print "%s"%packet[TCP].payload                     #报信息
        #print "%s"%packet.summary()                        #显示数据摘要
        #print "%s"%packet.show()                           #显示数据包的状况
        print "%s --- %s:%s --> %s:%s " %(timestamp2time(packet.time),packet[IP].src,packet.sport,packet[IP].dst,packet.dport)
        print packet[TCP].payload
        #print "%s"%packet.src
        print "*******************************************************************"

sniff(filter="tcp port 80 and src host 192.168.88.3",prn=pack_callback,iface="eth0",count=0)
        # 标准格式：sniff(filter="",iface="any",prn=function,count=N)
        # filter 对scapy嗅探的数据包 指定一个 BPF（wireshark类型）的过滤器，留空嗅探所有数据包
        # iface  设置所需要嗅探的网卡，留空嗅探所有网卡
        # prn    指定嗅探到符合过滤器条件的数据包时所调用的回调函数,这个回调函数以接受到的数据包对象作为唯一的参数。
        # count  指定嗅探的数据包的个数，留空则默认为嗅探无限个

    '''
    sniff(iface="eth0",prn=lambda x:x.summary())
    sniff(iface="eth0",prn=lambda x:x.show())
    pkts = sniff(prn=lambda x:x.sprintf("{IP:%IP.src% -> %IP.dst%\n}{Raw:%Raw.load%\n}"))
    pkts = sniff(prn=lambda x:x.sprintf("{IP:%IP.dst% {ICMP:%ICMP.type%}{TCP:%TCP.dport%}}"))
    '''

5A9FA017-D71B-415C-BA71-AE902F0C455C.png