(转载)使用Perl编写协议分析脚本
使用Perl编写协议分析脚本
创建时间:2005-07-31 更新时间:2005-08-07
文章属性:原创
文章提交:r00t (i_am_jojo_at_msn.com)
1、软件环境:Windows、ActiveState Perl 5.8.6、Winpcap 3.1 Beta;
2、所需Perl 模块:Net::Pcap、Net::PcapUtils、NetPacket
>ppm install NetPacket
>ppm install http://www.bribes.org/perl/ppm/Net-Pcap.ppd
>ppm install http://www.bribes.org/perl/ppm/Net-PcapUtils.ppd
其中Net::Pcap是Winpcap的接口,Net::PcapUtils提供常用的抓包函数,NetPacket用来解析各种协议结构;
3、仅分析ICMP和TCP协议结构,且把Header结构用文本表格的方式打印下来;
4、提供源地址、目的地址、源端口、目的端口组合的过滤方式;
5、如果需要Dump ARP协议的数据包,则需要按照额外的模块,NetPacket当前不支持ARP协议的解析;
6、可使用perl2exe工具将其转化到exe文件格式;
(0)、C:/Perl/scripts/iSniffer>packetDump.pl -h
#Please set the width of CMD window to 100 #为了格式化显示请将窗口长度设置到100
> C:/Perl/scripts/iSniffer/packetDump.pl [hvd:p:i:s:t:u::x:y:z:]
-h print this help
-v print more information #显示更多的信息
-d choice device, [1,2,3...] #指定设备编号
-p 1->icmp, 6->tcp #分析哪种协议,ICMP或TCP
-i icmp type #-p 1前提下指定ICMP的Type
0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
17 Address Mask Request
18 Address Mask Reply
30 Traceroute
37 Domain Name Request
-s x.x.x.x, source ip #指定源地址
-t x.x.x.x, dest ip #指定目的地址
-u x.x.x.x, source/dest ip #源地址或目的地址均可
-x source port #指定源端口
-y dest port #指定目的端口
-z source/dest port #源端口或目的端口均可
v1.0, by shanleiguang@he.chinamobile.com
(1)、>packetDump.plC:/Perl/scripts/iSniffer>packetDump.pl
+-----------------------------------------------------------------------------------+
| Supported Devices |
+---+------+------------------------------------------------------------------------+
| 1 | dev | /Device/NPF_GenericNdisWanAdapter |
+---+------+------------------------------------------------------------------------+
| | desc | Generic NdisWan adapter |
+---+------+------------------------------------------------------------------------+
| 2 | dev | /Device/NPF_{6A06FB50-D0BC-4908-A502-90322DC74B78} |
+---+------+------------------------------------------------------------------------+
| | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) |
+---+------+------------------------------------------------------------------------+
| 3 | dev | /Device/NPF_{762D2D02-BA2C-46E1-9C54-396D8B79055F} |
+---+------+------------------------------------------------------------------------+
| | desc | WAN (PPP/SLIP) Interface |
+---+------+------------------------------------------------------------------------+
Which device u want to sniff? [1,2,3] #选择希望Dump的设备,下一次可直接用-d来指配
(2)、C:/Perl/scripts/iSniffer>packetDump.pl -d 3 -p 1
2005/07/31 11:15:58, Sniffing on /Device/NPF_{762D2D02-BA2C-46E1-9C54-396D8B79055F}... ...
=No.1===========================================================================
+------------------------------------------------+
| IP Header |
+--------+------------+---------+----------------+
| ver | 4 | hlen | 5 |
+--------+------------+---------+----------------+
| tos | 0 | len | 60 |
+--------+------------+---------+----------------+
| flags | 0 | foffset | 0 |
+--------+------------+---------+----------------+
| id | 50223 | ttl | 128 |
+--------+------------+---------+----------------+
| src_ip | 60.6.41.89 | dest_ip | 64.233.189.104 |
+--------+------------+---------+----------------+
| proto | 1 | cksum | 4833 |
+--------+------------+---------+----------------+
+--------------------------------------------------------+
| ICMP Message |
+------+------+-------+----------------------------------+
| type | code | cksum | data |
+------+------+-------+----------------------------------+
| 8 | 0 | 17756 | abcdefghijklmnopqrstuvwabcdefghi |
+------+------+-------+----------------------------------+
=No.2===========================================================================
+------------------------------------------------+
| IP Header |
+--------+----------------+---------+------------+
| ver | 4 | hlen | 5 |
+--------+----------------+---------+------------+
| tos | 0 | len | 60 |
+--------+----------------+---------+------------+
| flags | 0 | foffset | 0 |
+--------+----------------+---------+------------+
| id | 50223 | ttl | 242 |
+--------+----------------+---------+------------+
| src_ip | 64.233.189.104 | dest_ip | 60.6.41.89 |
+--------+----------------+---------+------------+
| proto | 1 | cksum | 41184 |
+--------+----------------+---------+------------+
+--------------------------------------------------------+
| ICMP Message |
+------+------+-------+----------------------------------+
| type | code | cksum | data |
+------+------+-------+----------------------------------+
| 0 | 0 | 19804 | abcdefghijklmnopqrstuvwabcdefghi |
+------+------+-------+----------------------------------+
... ...
(3)、C:/Perl/scripts/iSniffer>packetDump.pl -d 3 -p 6 -u xxx.xxx.xxx.xxx -z 23
7、源代码
#!C:/Perl/bin/perl.exe
#By shanleiguang@he.chinamobile.com, 2005/07
#ActiveState Perl 5.8.6, Winpcap 3.1 beta
#ppm install NetPacket
#ppm install http://www.bribes.org/perl/ppm/Net-Pcap.ppd
#ppm install http://www.bribes.org/perl/ppm/Net-PcapUtils.ppd
use strict;
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::ICMP;
use NetPacket::TCP;
use Getopt::Std;
use POSIX qw(strftime);
my %opts;
getopts('hvd:p:i:s:t:u:x:y:z:', /%opts);
print_help() and exit if(defined $opts{'h'});
print_help() and exit if(defined $opts{'d'} and ($opts{'d'} !~ m/^/d+$/));
print_help() and exit if(defined $opts{'p'} and ($opts{'p'} !~ m/^/d+$/));
print_help() and exit if(defined $opts{'i'} and ($opts{'i'} !~ m/^/d+$/));
print_help() and exit if(defined $opts{'s'} and ($opts{'s'} !~ m/^/d+./d+./d+./d+$/));
print_help() and exit if(defined $opts{'t'} and ($opts{'t'} !~ m/^/d+./d+./d+./d+$/));
print_help() and exit if(defined $opts{'u'} and ($opts{'u'} !~ m/^/d+./d+./d+./d+$/));
print_help() and exit if(defined $opts{'x'} and ($opts{'x'} !~ m/^/d+$/));
print_help() and exit if(defined $opts{'y'} and ($opts{'y'} !~ m/^/d+$/));
print_help() and exit if(defined $opts{'z'} and ($opts{'z'} !~ m/^/d+$/));
$opts{'p'} = 6 if not defined($opts{'p'});
my $choice;
my %devices = get_supported_devices();
if(defined $opts{'d'}) {
$choice = $opts{'d'};
} else {
print_supported_devices();
print "/nWhich device u want to sniff? [";
print join ',', sort {$a <=> $b} (keys %devices) and print '] ';
$choice = <STDIN>;
chomp($choice);
}
die "Invalid Device!/n" if not defined($devices{$choice});
my $pkt_descriptor = Net::PcapUtils::open(
FILTER => 'ip',
SNAPLEN => 1500,
PROMISC => 1,
DEV => $devices{$choice}{'dev'},
);
die "Net::PcapUtils::open returned: $pkt_descriptor/n" if (!ref($pkt_descriptor));
print strftime "%Y/%m/%d %H:%M:%S, ", localtime;
print "Sniffing on $devices{$choice}{'dev'}... .../n";
my ($next_packet, %next_header);
my $packet_counter = 0;
while (($next_packet, %next_header) = Net::PcapUtils::next($pkt_descriptor)) {
my ($ip_obj, $tcp_obj, $icmp_obj);
$ip_obj = NetPacket::IP->decode(NetPacket::Ethernet::eth_strip($next_packet));
next if (defined $opts{'s'} and ($ip_obj->{'src_ip'} ne $opts{'s'}));
next if (defined $opts{'t'} and ($ip_obj->{'dest_ip'} ne $opts{'t'}));
next if (defined $opts{'u'} and ($ip_obj->{'src_ip'} ne $opts{'u'})
and ($ip_obj->{'dest_ip'} ne $opts{'u'}));
next if ($ip_obj->{'proto'} != $opts{'p'});
if ($ip_obj->{'proto'} == 1) {
$icmp_obj = NetPacket::ICMP->decode($ip_obj->{'data'});
next if (defined $opts{'i'} and ($icmp_obj->{'type'} ne $opts{'i'}));
}
if ($ip_obj->{'proto'} == 6) {
$tcp_obj = NetPacket::TCP->decode($ip_obj->{'data'});
next if (defined $opts{'x'} and ($tcp_obj->{'src_port'} ne $opts{'x'}));
next if (defined $opts{'y'} and ($tcp_obj->{'dest_port'} ne $opts{'y'}));
next if (defined $opts{'z'} and ($tcp_obj->{'src_port'} ne $opts{'z'})
and ($tcp_obj->{'dest_port'} ne $opts{'z'}));
}
$packet_counter++;
print "=No.$packet_counter=", '=' x (80 - length("=No.$packet_counter=")), "/n";
if($opts{'v'}) {
print display_capinfo(/%next_header);
print display_frame_hdr(NetPacket::Ethernet->decode($next_packet));
}
print display_ip_hdr($ip_obj);
print display_icmp_msg($icmp_obj) if ($ip_obj->{'proto'} == 1);
print display_tcp_hdr($tcp_obj) if ($ip_obj->{'proto'} == 6);
}
sub print_help {
print <<HELP
#Please set the width of CMD window to 100
> $0 [hvd:p:i:s:t:u::x:y:z:]
-h print this help
-v print more information
-d choice device, [1,2,3...]
-p 1->icmp, 6->tcp
-i icmp type
0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
17 Address Mask Request
18 Address Mask Reply
30 Traceroute
37 Domain Name Request
-s x.x.x.x, source ip
-t x.x.x.x, dest ip
-u x.x.x.x, source/dest ip
-x source port
-y dest port
-z source/dest port
v1.0, by shanleiguang/@he.chinamobile.com
HELP
}
sub get_supported_devices {
my ($error, %description, %devices);
my $index = 0;
foreach (Net::Pcap::findalldevs(/$error, /%description)) {
die "Net::Pcap::finealldevs Error!/n" if defined $error;
$index++;
$devices{$index}{'dev'} = $_;
$devices{$index}{'desc'} = $description{$_};
}
return %devices;
}
sub print_supported_devices {
my ($error, %description);
my (@indexes, @fields, @values);
my $index = 0;
foreach (Net::Pcap::findalldevs(/$error, /%description)) {
die "Net::Pcap::finealldevs Error!/n" if defined $error;
$index++;
push @indexes, ($index, ' ');
push @fields, ('dev', 'desc');
push @values, ($_, $description{$_});
}
print "/n", pretty_table('Supported Devices', (/@indexes, /@fields, /@values));
}
sub display_capinfo {
my $capinfo = shift;
my @capinfo;
push @capinfo, [$_, $capinfo->{$_}] foreach (qw(tv_sec tv_usec len caplen));
return pretty_table('Pcap Info', @capinfo);
}
sub display_frame_hdr {
my $frame_obj = shift;
my @eth_frame;
push @eth_frame, [$_, $frame_obj->{$_}] foreach (qw(src_mac dest_mac type));
return pretty_table('Ethernet Frame Header', @eth_frame);
}
sub display_ip_hdr {
my $ip_obj = shift;
my @ip_hdr;
push @ip_hdr, [qw(ver tos flags id src_ip proto)];
push @{$ip_hdr[1]}, $ip_obj->{$_} foreach (qw(ver tos flags id src_ip proto));
push @ip_hdr, [qw(hlen len foffset ttl dest_ip cksum)];
push @{$ip_hdr[3]}, $ip_obj->{$_} foreach (qw(hlen len foffset ttl dest_ip cksum));
return pretty_table('IP Header', @ip_hdr);
}
sub display_icmp_msg {
my $icmp_obj = shift;
my @icmp_msg;
$icmp_obj->{'data'} =~ s//W//g;
push @icmp_msg, [$_, $icmp_obj->{$_}] foreach (qw(type code cksum data));
return pretty_table('ICMP Message', @icmp_msg);
}
sub display_tcp_hdr {
my $tcp_obj = shift;
my @tcp_hdr;
push @tcp_hdr, [qw(src_port seqnum hlen flags)];
push @{$tcp_hdr[1]}, $tcp_obj->{$_} foreach (qw(src_port seqnum hlen flags));
push @tcp_hdr, [qw(dest_port acknum reserved winsize)];
push @{$tcp_hdr[3]}, $tcp_obj->{$_} foreach (qw(dest_port acknum reserved winsize));
return pretty_table('TCP Header', @tcp_hdr);
#my $data = unpack 'a*', $tcp_obj->{'data'};
#print "$data/n";
}
sub display_udp_hdr {
my $udp_obj = shift;
my @udp_hdr;
push @udp_hdr, [$_, $udp_obj->{$_}] foreach (qw(src_port dest_port cksum));
return pretty_table('UDP Header', @udp_hdr);
}
sub pretty_table {
# pretty_table($aString, @aList); @aList = ( [...], [...] );
my ($title, @data) = @_;
my @temp;
my @maxLength;
my $rowLength;
my $indent = 4;
my $theTable;
foreach my $col (0..$#{$data[0]}) { push @{$temp[$col]}, $_->[$col] foreach (@data); }
$maxLength[$_] = length( (sort{length($b) <=> length($a)} @{$data[$_]} )[0]) + 2 foreach (0..$#data);
$rowLength+= $maxLength[$_] foreach (0..$#{$temp[0]});
$rowLength+= $#data;
$theTable = ' ' x $indent.'+'.'-' x $rowLength."+/n";
$theTable.= ' ' x $indent.'| '.$title.' ' x ($rowLength - length($title) - 1)."|/n";
foreach my $row (0..$#temp) {
$theTable.= ' ' x $indent;
$theTable.= '+'.'-' x $maxLength[$_] foreach (0.. $#{$temp[0]});
$theTable.= "+/n";
$theTable.= ' ' x $indent;
$theTable.= '| '.@{$temp[$row]}[$_].' ' x ($maxLength[$_] - length(@{$temp[$row]}[$_]) - 1)
foreach (0.. $#{$temp[0]});
$theTable.= "|/n";
}
$theTable.= ' ' x $indent;
$theTable.= '+'.'-' x $maxLength[$_] foreach (0.. $#{$temp[0]});
$theTable.= "+/n";
return $theTable;
}
(转载)使用Perl编写协议分析脚本相关推荐
- 使用Perl编写协议分析脚本
使用Perl编写协议分析脚本 创建时间:2005-07-31 更新时间:2005-08-07 文章属性:转载 文章提交:r00t (i_am_jojo_at_msn.com) 1.软件环境:Windo ...
- 使用Perl编写协议分析脚本 z
使用Perl编写协议分析脚本 创建时间:2005-07-31 更新时间:2005-08-07 文章属性:原创 文章提交:r00t (i_am_jojo_at_msn.com) 1.软件环境:Windo ...
- 网络协议分析与仿真课程设计报告:网络流量分析与协议模拟
公众号:CS阿吉 网络协议分析与仿真课程设计报告 题 目:网络流量分析与协议模拟 专业名称: 网络工程 班 级: 学生姓名: 阿吉 学号(8位): 指导教 ...
- RTSP再学习 -- RTSP协议分析(转载)
最近一直在看 RTSP,但是RTSP协议是个啥?还没有搞清楚. 首先流媒体百度百科上有这样一段,从基本的名字上或多或少可以理解一下这些传输协议的区别.这很重要!! 传输协议 1.RSVP:资源预留协议 ...
- arp协议分析python编程实现arp欺骗抓图片
arp协议分析&python编程实现arp欺骗抓图片 序 学校tcp/ip协议分析课程老师布置的任务,要求分析一种网络协议并且研究安全问题并编程实现,于是我选择了研究arp协议,并且利用pyt ...
- PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析
Python黑帽编程1.5 使用Wireshark练习网络协议分析 1.5.0.1 本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...
- loadrunner录制事件为0_利用LoadRunner编写Socket性能测试脚本简述
>>>推荐阅读<<< 1.性能测试学习笔记-场景设计 2.性能测试的重要意义 3.性能分析流程及方法 4.应用系统性能调优之性能分析 一.概述 Loadrunner ...
- 干货|app自动化测试之Appium 原理 与 JsonWP 协议分析
想要使用 Appium 进行测试,那么就一定要先了解Appium的原理.Appium 不仅能够实现移动端的 JSONWP,并且延伸到了 Selenium 的 JSONWP,它能够控制不同移动设备的行为 ...
- uIP tcp/ip协议分析及其在嵌入式系统中的应用
网络技术的发展使越来越多的工业控制设备将网络接入功能作为其必备的特性之一.同样,嵌入式系统的发展,要求其应用能够支持网络功能,为用户提供一个简易方便的可视化图形界面.当前WEB浏览器已经成为用户的合理 ...
最新文章
- java 查看变量类型
- 星星评价控件android开发_android自定义星级评分控件,可实现只显示实心星星
- java开发实战经典答案百度云,含面试题+答案
- matlab GUI之自定义菜单小结
- oracle r修改表名,oracle中修改表名
- LAMP YUM安装配置实战
- 【渝粤教育】国家开放大学2018年秋季 1070t组织行为学 参考试题
- 手机触摸屏有电阻屏和电容屏,有什么区别?
- Walle和加固宝的优雅结合
- 梅花雨日历控件英文版
- vcenter server安装到第二阶段无法“下一步“问题解决
- 翻译文章后再来看翻译文章
- 7位专家– 7条意见:Java 13的亮点是什么?
- 关于mail mailx 以及sendmail 的理解
- 双隐藏层BP网络的matlab仿真,求遗传算法优化含有两个隐含层的BP神经网络的matlab程序...
- app与后台的token、sessionId、RSA加密登录认证与安全解决方案
- C#Web网站的创建
- 云桌面和计算机,云桌面和电脑在使用上的差别你都知道吗
- Docker常用命令操作
- android应用开发培训