import pcapimport sysimport stringimport timeimport socketimport struct#protocols={socket.IPPROTO_TCP:'tcp', #socket.IPPROTO_UDP:'udp', #socket.IPPROTO_ICMP:'icmp'}protocols={ 0x00:"HOPOPT", 0x01:"ICMP", 0x02:"IGMP", 0x03:"GGP", 0x04:"IP-in-IP", 0x05:"ST", 0x06:"TCP", 0x07:"CBT", 0x08:"EGP", 0x09:"IGP", 0x0A:"BBN-RCC-MON", 0x0B:"NVP-II", 0x0C:"PUP", 0x0D:"ARGUS", 0x0E:"EMCON", 0x0F:"XNET", 0x10:"CHAOS", 0x11:"UDP", 0x12:"MUX", 0x13:"DCN-MEAS", 0x14:"HMP", 0x15:"PRM", 0x16:"XNS-IDP", 0x17:"TRUNK-1", 0x18:"TRUNK-2", 0x19:"LEAF-1", 0x1A:"LEAF-2", 0x1B:"RDP", 0x1C:"IRTP", 0x1D:"ISO-TP4", 0x1E:"NETBLT", 0x1F:"MFE-NSP", 0x20:"MERIT-INP", 0x21:"DCCP", 0x22:"3PC", 0x23:"IDPR", 0x24:"XTP", 0x25:"DDP", 0x26:"IDPR-CMTP", 0x27:"TP++", 0x28:"IL", 0x29:"IPv6", 0x2A:"SDRP", 0x2B:"IPv6-Route", 0x2C:"IPv6-Frag", 0x2D:"IDRP", 0x2E:"RSVP", 0x2F:"GRE", 0x30:"MHRP", 0x31:"BNA", 0x32:"ESP", 0x33:"AH", 0x34:"I-NLSP", 0x35:"SWIPE", 0x36:"NARP", 0x37:"MOBILE", 0x38:"TLSP", 0x39:"SKIP", 0x3A:"IPv6-ICMP", 0x3B:"IPv6-NoNxt", 0x3C:"IPv6-Opts", 0x3D:"host internal protocol", #any 0x3E:"CFTP", 0x3F:"local network", #any 0x40:"SAT-EXPAK", 0x41:"KRYPTOLAN", 0x42:"RVD", 0x43:"IPPC", 0x44:"distributed file system", #any 0x45:"SAT-MON", 0x46:"VISA", 0x47:"IPCU", 0x48:"CPNX", 0x49:"CPHB", 0x4A:"WSN", 0x4B:"PVP", 0x4C:"BR-SAT-MON", 0x4D:"SUN-ND", 0x4E:"WB-MON", 0x4F:"WB-EXPAK", 0x50:"ISO-IP", 0x51:"VMTP", 0x52:"SECURE-VMTP", 0x53:"VINES", 0x54:"TTP", 0x54:"IPTM", 0x55:"NSFNET-IGP", 0x56:"DGP", 0x57:"TCF", 0x58:"EIGRP", 0x59:"OSPF", 0x5A:"Sprite-RPC", 0x5B:"LARP", 0x5C:"MTP", 0x5D:"AX.25", 0x5E:"IPIP", 0x5F:"MICP", 0x60:"SCC-SP", 0x61:"ETHERIP", 0x62:"ENCAP", 0x63:"", 0x64:"GMTP", 0x65:"IFMP", 0x66:"PNNI", 0x67:"PIM", 0x68:"ARIS", 0x69:"SCPS", 0x6A:"QNX", 0x6B:"A/N", 0x6C:"IPComp", 0x6D:"SNP", 0x6E:"Compaq-Peer", 0x6F:"IPX-in-IP", 0x70:"VRRP", 0x71:"PGM", 0x72:"", 0x73:"L2TP", 0x74:"DDX", 0x75:"IATP", 0x76:"STP", 0x77:"SRP", 0x78:"UTI", 0x79:"SMP", 0x7A:"SM", 0x7B:"PTP", 0x7C:"IS-IS over IPv4", 0x7D:"FIRE", 0x7E:"CRTP", 0x7F:"CRUDP", 0x80:"SSCOPMCE", 0x81:"IPLT", 0x82:"SPS", 0x83:"PIPE", 0x84:"SCTP", 0x85:"FC", 0x86:"RSVP-E2E-IGNORE", 0x87:"Mobility Header", 0x88:"UDPLite", 0x89:"MPLS-in-IP", 0x8A:"manet", 0x8B:"HIP", 0x8C:"Shim6", 0x8D:"WESP", 0x8E:"ROHC", }import socketsocket.inet_ntoadef decode_ip_packet(s): d={} d['version']=(ord(s[0]) & 0xf0) >> 4 d['header_len']=ord(s[0]) & 0x0f d['tos']=ord(s[1]) d['total_len']=socket.ntohs(struct.unpack('H',s[2:4])[0]) d['id']=socket.ntohs(struct.unpack('H',s[4:6])[0]) d['flags']=(ord(s[6]) & 0xe0) >> 5 d['fragment_offset']=socket.ntohs(struct.unpack('H',s[6:8])[0] & 0x1f) d['ttl']=ord(s[8]) d['protocol']=ord(s[9]) d['checksum']=socket.ntohs(struct.unpack('H',s[10:12])[0]) d['source_address']=socket.inet_ntoa(s[12:16]) d['destination_address']=socket.inet_ntoa(s[16:20]) if d['header_len']>5: d['options']=s[20:4*(d['header_len']-5)] else: d['options']=None d['data']=s[4*d['header_len']:] return ddef dumphex(s): bytes = map(lambda x: '%.2x' % x, map(ord, s)) for i in xrange(0,len(bytes)/16): print ' %s' % string.join(bytes[i*16:(i+1)*16],' ') print ' %s' % string.join(bytes[(i+1)*16:],' ')def print_packet( data, timestamp): if not data: return if data[12:14]=='\x08\x00': #IP 包 decoded=decode_ip_packet(data[14:]) print '\n%s.%f %s > %s' % (time.strftime('%H:%M', time.localtime(timestamp)), timestamp % 60, decoded['source_address'], decoded['destination_address']) for key in ['version', 'header_len', 'tos', 'total_len', 'id', 'flags', 'fragment_offset', 'ttl']: print ' %s: %d' % (key, decoded[key]) print ' protocol: %s' % protocols[decoded['protocol']] print ' header checksum: %d' % decoded['checksum'] #print ' data:' #dumphex(decoded['data'])if __name__=='__main__': print ( pcap.findalldevs() ) for dev in pcap.findalldevs(): net, mask = pcap.lookupnet(dev) print dev print net.__repr__(),mask.__repr__() p = pcap.pcap() net, mask = pcap.lookupnet(dev) try: for timestamp, data in p: print_packet( data, timestamp) #print timestamp, len(data) except KeyboardInterrupt: print ('%s' % sys.exc_type) print ('shutting down')