PythonÍøÂç×¥°ü¿â pypcap

Ethereal ×Ô´øÐí¶àЭÒéµÄ decoder,¼òµ¥,Ò×ÓÃ,»ùÓÚwinpcapµÄÒ»¸ö¿ªÔ´µÄÈí¼þ.µ«ÊÇËüµÄ¼Ü¹¹²¢²»Áé»î,ÈçºÎÄãÒª¼ÓÈëÒ»¸ö×Ô¼º¶¨ÒåµÄµÄ½âÂëÆ÷,µÃÈ¥ÐÞ¸Ä EtherealµÄ´úÂë,ÔÙÖØбàÒë,ºÜ·³Ëö.¶ÔÓÚÒ»°ãµÄÃ÷ÎÄ Ð­Òé,ûÓÐʲôÎÊÌâ,µ«ÊǶÔÓÚ¼ÓÃÜЭÒé,±ÈÈçÍøÂçÓÎÏ·,¿Í»§¶Ë³ÌÐòÒ»°ã»áÔÚ¸ÕÁ¬½ÓÉϵÄʱºò,·¢ËÍÒ»¸öËæ»úÃÜÔ¿,¶øºóµÄ±¨ÎĶ¼»áÓÃÕâ¸öÃÜÔ¿½øÐмÓÃÜ,Èç´Ë. ÒªÏëÆƽâ,µÃÒªÓÐÒ»¸ö¿É±à³ÌµÄ×¥°üÆ÷.
libpcapÊÇÒ»¸ö²»´íµÄÑ¡Ôñ,µ«ÊǶÔÓÚ×¥°üÕâÑùÐèÒª·´¸´½øÐДÊÔ Ñé->Ð޸ĔÕâ¸ö¹ý³ÌµÄ²Ù×÷,c ÓïÑÔÏÔÈ»²»ÊÇÃ÷ÖǵÄÑ¡Ôñ.
PythonÌṩÁ˼¸¸ölibpcapbind,http://monkey.org/~dugsong/pypcap/ÕâÀïÓÐ Ò»¸ö×î¼òµ¥µÄ¡£ÔÚwindowsƽ̨ÉÏ,ÄãÐèÒªÏÈ°²×°winpcap,Èç¹ûÄãÒѾ­°²×°ÁËEthereal·Ç³£ºÃÓÃ
Ò»¸ö¹æ·¶µÄ×¥°ü¹ý³Ì
import pcap
import dpkt
pc=pcap.pcap()    #×¢£¬²ÎÊý¿ÉΪÍø¿¨Ãû£¬Èçeth0
pc.setfilter('tcp port 80')    #ÉèÖüàÌý¹ýÂËÆ÷
for ptime,pdata in pc:    #ptimeΪÊÕµ½Ê±¼ä£¬pdataΪÊÕµ½Êý¾Ý
    print ptime,pdata    #...
¶Ô×¥µ½µÄÒÔÌ«ÍøV2Êý¾Ý°ü(raw packet)½øÐнâ°ü
p=dpkt.ethernet.Ethernet(pdata)
if p.data.__class__.__name__=='IP':
    ip='%d.%d.%d.%d'%tuple(map(ord,list(p.data.dst)))
    if p.data.data.__class__.__name__=='TCP':
        if data.dport==80:
            print p.data.data.data # by gashero
һЩÏÔʾ²ÎÊý
nrecv,ndrop,nifdrop=pc.stats()
·µ»ØµÄÔª×éÖУ¬µÚÒ»¸ö²ÎÊýΪ½ÓÊÕµ½µÄÊý¾Ý°ü£¬(by gashero)µÚ¶þ¸ö²ÎÊýΪ±»ºËÐĶªÆúµÄÊý¾Ý°ü¡£