1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164
| #!/usr/bin/env python 3.2
#-------------------------------------------------------------------------------
from ctypes import *
from winpcapy import *
import sys
import string
import platform
import socket
import time
if platform.python_version()[0] == "3":
raw_input=input
LINE_LEN=16
alldevs=POINTER(pcap_if_t)()
d=POINTER(pcap_if_t)
fp=pcap_t
errbuf= create_string_buffer(PCAP_ERRBUF_SIZE)
header=POINTER(pcap_pkthdr)()
pkt_data=POINTER(c_ubyte)()
## struct ethernet_header
class ETHER_HDR(Structure):
_fields_ = [('dest',6 * c_ubyte),
('source',6 * c_ubyte),
('type',c_ushort)]
## struct Ip header (v4)
class IPV4_HDR(Structure):
_fields_ = [('ip_header_len',4 * c_ubyte),
('ip_version',4 * c_ubyte),
('ip_tos',c_ubyte),
('ip_total_length',c_ushort),
('ip_id',c_ushort),
('ip_frag_offset',5 * c_ubyte),
('ip_more_fragment',1 * c_ubyte),
('ip_dont_fragment',1 * c_ubyte),
('ip_reserved_zero',1 * c_ubyte),
('ip_frag_offset1',c_ubyte),
('ip_ttl',c_ubyte),
('ip_protocol',c_ubyte),
('ip_checksum',c_ushort),
('ip_srcaddr',c_int),
('ip_destaddr',c_int)]
def processPacket(pkt_data, headerCaplen):
print("\nprocessPacket")
## Ethernet header
ethhdr = POINTER(ETHER_HDR)(pkt_data) ## cette ligne ne fonctionne peut-être
print(ethhdr.contents.dest[0:6])
print(ethhdr.contents.source[0:6])
print(ethhdr.contents.type)
print("mac dest : %.2x-%.2x-%.2x-%.2x-%.2x-%.2x" % (ethhdr.contents.dest[0],ethhdr.contents.dest[1],ethhdr.contents.dest[2],ethhdr.contents.dest[3],ethhdr.contents.dest[4],ethhdr.contents.dest[5]))
print("mac source : %.2x-%.2x-%.2x-%.2x-%.2x-%.2x" % (ethhdr.contents.source[0],ethhdr.contents.source[1],ethhdr.contents.source[2],ethhdr.contents.source[3],ethhdr.contents.source[4],ethhdr.contents.source[5]))
## Ip packets
if (socket.ntohs(ethhdr.contents.type) == 0):
## ip header
iphdr = POINTER(IPV4_HDR)(pkt_data)
print(iphdr.contents.ip_protocol)
print(iphdr.contents.ip_srcaddr)
def showNetCard():
if (pcap_findalldevs(byref(alldevs), errbuf) == -1):
print ("Error in pcap_findalldevs: %s\n", errbuf.value)
sys.exit(1)
## Print the list
i=0
d=alldevs.contents
while d:
i=i+1
print ("%d. %s" % (i, d.name))
if (d.description):
print (" (%s)\n" % (d.description))
else:
print (" (No description available)\n")
if d.next:
d=d.next.contents
else:
d=False
if (i==0):
print ("\nNo interfaces found! Make sure WinPcap is installed.\n")
sys.exit(-1)
print ("Enter the interface number (1-%d):" % (i))
inum= raw_input('--> ')
if inum in string.digits:
inum=int(inum)
else:
inum=0
if ((inum < 1) | (inum > i)):
print ("\nInterface number out of range.\n")
## Free the device list
pcap_freealldevs(alldevs)
sys.exit(-1)
return alldevs,inum
def openDevice(alldevs,inum):
d=alldevs
for i in range(0,inum-1):
d=d.contents.next
fp = pcap_open_live(d.contents.name,65536,1,1000,errbuf) ## ici on a une différence avec le sniffer.h, on a live de plus
if (fp == None):
print ("\nError opening adapter\n")
## Free the device list
pcap_freealldevs(alldevs)
sys.exit(-1)
return fp
def readPackets(fp):
res = pcap_next_ex( fp, byref(header), byref(pkt_data)) ## ic on a une différence avec les byref de plus
#print("valeur du res est: ",res)
while(res >= 0):
if(res == 0):
## Timeout elapsed
break
## print pkt timestamp and pkt len
seconds = header.contents.ts.tv_sec
localtime_s = time.localtime(seconds)
print("\nNext Packet : %d-%d-%d at %d:%d:%d (Packet Lenght : %d bytes)" % (localtime_s.tm_mday, localtime_s.tm_mon, localtime_s.tm_year, localtime_s.tm_hour, localtime_s.tm_min, localtime_s.tm_sec, header.contents.len))
## Print the packet
# print(header.contents.caplen)
# print(type(pkt_data))
# print(sizeof(pkt_data))
# print(pkt_data[0:1024])
processPacket(pkt_data, header.contents.caplen) ## j'ajoute ceci pour faire comme dans sniffer.h
# for i in range(1,header.contents.len + 1):
# print ("%.2x " % pkt_data[i-1])
# if (i % LINE_LEN) == 0:
# print ("\n")
print ("\n\n")
break
# res = pcap_next_ex( fp, byref(header), byref(pkt_data))
if(res == -1):
print ("Error reading the packets: %s\n" % pcap_geterr(fp))
sys.exit(-1)
pcap_close(fp)
def main():
## show network card
alldevs,inum = showNetCard()
## open the device
fp = openDevice(alldevs,inum)
## Read the packets
readPackets(fp)
sys.exit(0)
if __name__ == '__main__':
main() |
Partager