• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• python-scripts-master
  • UserDict.py
  • selectpoll.py
  • bt.py
  • check_p.py
  • log.py
  • daemon.py
  • cache.py
  • pyutil.py
  • util.py
  • proxy_pattern.py
  • get_url
  • changeCm.py
  • cmd_func.py
  • inifile.py
  • http.py
  • dfile.py
  • top.py
  • openssl.py
  • HttpService.py
  • colortrans.py
  • socket_server.py
  • www-url.py
  • uesr_time.py
  • py3compat.py
  • terminal.py
  • decorator.py
  • time_utils.py
  • EchoServer.py
  • config.py
  • path.py
  • ansible-deploy
  • dictdiffer.py
  • datetime.py
  • pidfile.py
  • deploy.py
  • queens.py
  • cgroup_top.py
  • ez_setup.py
  • lineStatistic.py
  • pygressbar
    • pygressbar.py
    • __init__.py
    • README.md
    • examples.py
  • netutil.py
  • LICENSE
  • zktop.py
  • grr_utils.py
  • stylechecker.py
  • lib.py
  • which.py
  • poller.py
  • msger.py
  • color.py
  • get_instance_info
  • utility.py
  • display-sighandlers.py
  • connection_pool.py
  • tasks.py
  • comm_log.py
  • acl.py
  • download_helper.py
  • finder.py
  • setup.py
  • Timer.py
  • TermCurses.py
  • net.py
  • stdin.py
  • display-terminfo.py
  • rm_end_space.py
  • sniff.py
  • setup-sample.py
  • ordered_dict.py
  • README.md
  • utils.py
  • escape.py
  • daemonize.py
  • hash_func.py
  • multiprocessbug.py
  • logstash-shipper.py
  • excel_style.py
  • printenv.py
  • MysqlUtility.py
  • smem
    • smemap.c
    • smem
  • human_log.py
  • singleton-logger-logging.py
  • add_ip.py
  • stats
    • iostat.py
    • netstat.py
  • lib_utility.py
  • urllibdownload.py
  • logging.py
  • error.py
  • redis-monitor.py
  • compat.py
  • ez_install.py
  • fdprogress.py
  • BaseHTTPServer_Me.py
  • rb_tree.py
  • .gitignore
  • fancy_getopt.py
  • LogWatcher.py
  • pidproxy.py
  • sniffer.py
  • IniConfig.py
  • sedsed
  • switch.py
  • lock.py
  • ArgParser.py
  • call_trace.py
  • logging
    • config.py
    • __init__.py
    • handlers.py
  • string_functions.py

#! /usr/bin/env python
"""
Example to sniff all HTTP traffic on eth0 interface:
    sudo ./sniff.py eth0 "port 80"
"""

import sys
import pcap
import string
import time
import socket
import struct

protocols={socket.IPPROTO_TCP:'tcp',
            socket.IPPROTO_UDP:'udp',
            socket.IPPROTO_ICMP:'icmp'}

def decode_ip_packet(s):
    d={}
    d['version']=(ord(s[0]) & 0xf0) >> 4
    d['header_len']=ord(s[0]) & 0x0f
    d['tos']=ord(s[1])
    d['total_len']=socket.ntohs(struct.unpack('H',s[2:4])[0])
    d['id']=socket.ntohs(struct.unpack('H',s[4:6])[0])
    d['flags']=(ord(s[6]) & 0xe0) >> 5
    d['fragment_offset']=socket.ntohs(struct.unpack('H',s[6:8])[0] & 0x1f)
    d['ttl']=ord(s[8])
    d['protocol']=ord(s[9])
    d['checksum']=socket.ntohs(struct.unpack('H',s[10:12])[0])
    d['source_address']=pcap.ntoa(struct.unpack('i',s[12:16])[0])
    d['destination_address']=pcap.ntoa(struct.unpack('i',s[16:20])[0])
    if d['header_len']>5:
        d['options']=s[20:4*(d['header_len']-5)]
    else:
        d['options']=None
    d['data']=s[4*d['header_len']:]
    return d


def dumphex(s):
    bytes = map(lambda x: '%.2x' % x, map(ord, s))
    for i in xrange(0,len(bytes)/16):
        print '        %s' % string.join(bytes[i*16:(i+1)*16],' ')
    print '        %s' % string.join(bytes[(i+1)*16:],' ')


def print_packet(pktlen, data, timestamp):
    if not data:
        return

    if data[12:14]=='\x08\x00':
        decoded=decode_ip_packet(data[14:])
        print '\n%s.%f %s > %s' % (time.strftime('%H:%M',
                                time.localtime(timestamp)),
                                timestamp % 60,
                                decoded['source_address'],
                                decoded['destination_address'])
        for key in ['version', 'header_len', 'tos', 'total_len', 'id',
                                'flags', 'fragment_offset', 'ttl']:
            print '    %s: %d' % (key, decoded[key])
        print '    protocol: %s' % protocols[decoded['protocol']]
        print '    header checksum: %d' % decoded['checksum']
        print '    data:'
        dumphex(decoded['data'])


if __name__=='__main__':

    if len(sys.argv) < 3:
        print 'usage: sniff.py <interface> <expr>'
        sys.exit(0)
    p = pcap.pcapObject()
    #dev = pcap.lookupdev()
    dev = sys.argv[1]
    net, mask = pcap.lookupnet(dev)
    # note:    to_ms does nothing on linux
    p.open_live(dev, 1600, 0, 100)
    #p.dump_open('dumpfile')
    p.setfilter(string.join(sys.argv[2:],' '), 0, 0)

    # try-except block to catch keyboard interrupt.    Failure to shut
    # down cleanly can result in the interface not being taken out of promisc.
    # mode
    p.setnonblock(1)
    try:
        while 1:
            p.dispatch(1, print_packet)

        # specify 'None' to dump to dumpfile, assuming you have called
        # the dump_open method
        #    p.dispatch(0, None)

        # the loop method is another way of doing things
        #    p.loop(1, print_packet)

        # as is the next() method
        # p.next() returns a (pktlen, data, timestamp) tuple
        #    apply(print_packet,p.next())
    except KeyboardInterrupt:
        print '%s' % sys.exc_type
        print 'shutting down'
        print '%d packets received, %d packets dropped, %d packets dropped by interface' % p.stats()



# vim:set ts=4 sw=4 et: