Created
May 8, 2012 20:16
Raw Socket Sniffer
import socket
import struct
import sys
from struct import *  # kept for compatibility with the original; new code names struct.X explicitly
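# Fixed 20-byte IPv4 header (RFC 791): version/IHL, DSCP/ECN, total length,
# identification, flags/fragment offset, TTL, protocol, checksum, src, dst.
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")
IPV4_MIN_HEADER_LEN = IPV4_HEADER.size  # 20; IHL > 5 means options follow

# Largest possible IPv4 datagram, so recvfrom() never truncates one.
MAX_DATAGRAM = 65535


def parse_ipv4_header(packet):
    """Decode the IPv4 header at the front of *packet*.

    Returns a dict of header fields plus ``payload``, which is everything
    after the header (for a socket opened with IPPROTO_TCP that is the TCP
    segment: TCP header followed by application data, not just the data).
    Returns None when *packet* is shorter than the minimum header, is not
    version 4, or claims a header length (IHL) the received bytes cannot
    hold -- a malformed datagram is skipped rather than crashing the loop.
    """
    if len(packet) < IPV4_MIN_HEADER_LEN:
        return None
    (ver_ihl, diff_services, total_length, ident, flags_frag,
     ttl, protocol, checksum, source, destination) = IPV4_HEADER.unpack_from(packet)
    # First byte: high nibble is the version, low nibble the header length
    # in 32-bit words (so 5 == 20 bytes, anything larger carries options).
    version = ver_ihl >> 4
    ihl = ver_ihl & 0x0F
    header_len = ihl * 4
    if version != 4 or ihl < 5 or len(packet) < header_len:
        return None
    return {
        "version": version,
        "ihl": ihl,
        "diff_services": diff_services,
        "total_length": total_length,
        "id": ident,
        # Flags are the top 3 bits of the 16-bit field. The mask MUST be
        # parenthesised: `>>` binds tighter than `&`, so `x & 0xE000 >> 13`
        # would mask with 7 and return fragment-offset bits instead.
        "flags": (flags_frag & 0xE000) >> 13,
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": protocol,
        "checksum": checksum,
        "source": socket.inet_ntoa(source),
        "destination": socket.inet_ntoa(destination),
        # Slice at the real header length, not a fixed 20, so packets with
        # IP options do not leak option bytes into the payload.
        "payload": packet[header_len:],
    }


def format_packet(fields):
    """Render one parsed datagram as the multi-line report the loop prints.

    The payload is rendered with repr() on purpose: it is untrusted bytes
    straight off the wire and, written raw, could carry terminal escape
    sequences to whoever is watching the console.
    """
    return "\n".join([
        "___________NEW_PACKET__________________________",
        "Version: %s" % fields["version"],
        "Header length: %s" % fields["ihl"],
        "Differentiated services: %s" % fields["diff_services"],
        "ID: %s" % fields["id"],
        "Flags: %s" % fields["flags"],
        "Fragment offset: %s" % fields["fragment_offset"],
        "TTL: %s" % fields["ttl"],
        "Protocol: %s" % fields["protocol"],
        "Checksum: %s" % fields["checksum"],
        "Source: %s" % fields["source"],
        "Destination: %s" % fields["destination"],
        "Payload: %s" % repr(fields["payload"]),
    ])


def main():
    """Open a raw TCP socket and print every IPv4 datagram it delivers.

    Opening AF_INET/SOCK_RAW needs elevated privilege (root or CAP_NET_RAW
    on Linux); a failure is reported on stderr with a non-zero exit instead
    of a traceback. With IPPROTO_TCP only TCP traffic is delivered. Ctrl-C
    ends the capture and the socket is always closed. NOTE(review): on
    Windows raw capture additionally needs SIO_RCVALL, which this script
    does not set up -- confirm before relying on it there.
    """
    try:
        sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    except socket.error as exc:
        sys.stderr.write("cannot open raw socket (need root/CAP_NET_RAW?): %s\n" % exc)
        sys.exit(1)
    try:
        while True:
            packet, _addr = sniffer.recvfrom(MAX_DATAGRAM)
            fields = parse_ipv4_header(packet)
            if fields is None:
                continue  # too short / not IPv4 / bad IHL: skip, keep sniffing
            print(format_packet(fields))
    except KeyboardInterrupt:
        pass
    finally:
        sniffer.close()


if __name__ == "__main__":
    main()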