Writing a Protocol Analysis Script in Perl
Created: 2005-07-31  Updated: 2005-08-07
Article type: repost
Submitted by: r00t (i_am_jojo_at_msn.com)
1. Software environment: Windows, ActiveState Perl 5.8.6, WinPcap 3.1 beta;
2. Required Perl modules: Net::Pcap, Net::PcapUtils, NetPacket
>ppm install NetPacket
>ppm install http://www.bribes.org/perl/ppm/Net-Pcap.ppd
>ppm install http://www.bribes.org/perl/ppm/Net-PcapUtils.ppd
Net::Pcap is the Perl interface to WinPcap, Net::PcapUtils provides the common capture helpers (open, next, loop), and NetPacket decodes the individual protocol headers;
3. Only the ICMP and TCP protocol structures are analysed, and each header is printed as a text table;
4. Filtering is provided on any combination of source address, destination address, source port and destination port;
5. To dump ARP packets an additional module is needed: the NetPacket release used here does not decode ARP;
6. The script can be turned into an .exe with the perl2exe tool;
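Because the article notes that NetPacket has no ARP decoder, the following added example (it is not part of packetDump.pl or of NetPacket) decodes an Ethernet frame by hand with core Perl unpack: ARP (type 0x0806) and IPv4 (type 0x0800). The IPv4 branch also verifies the header checksum, which the script prints but never checks. Both frames are constructed inline: a made-up ARP request, and an IPv4/ICMP echo whose IP header carries exactly the field values of capture No.1 in section (2) below, including its checksum 4833. The MAC addresses and the ICMP bytes after the IP header are assumptions.

```perl
#!/usr/bin/perl
# Added example, not part of packetDump.pl: hand-decode Ethernet/ARP/IPv4
# with core Perl unpack, no NetPacket required. ARP is the case the article
# says NetPacket cannot decode; the IPv4 branch also verifies the header
# checksum, which the script prints but never checks.
use strict;
use warnings;

# RFC 1071 one's-complement sum over a byte string (IP/ICMP/TCP/UDP style).
sub inet_checksum {
    my ($bytes) = @_;
    $bytes .= "\0" if length($bytes) % 2;        # pad an odd trailing byte
    my $sum = 0;
    $sum += $_ for unpack('n*', $bytes);
    $sum = ($sum >> 16) + ($sum & 0xffff) while $sum >> 16;   # fold carries
    return (~$sum) & 0xffff;
}

sub mac_str { return join ':', map { sprintf '%02x', $_ } unpack('C6', $_[0]); }
sub ip_str  { return join '.', unpack('C4', $_[0]); }

# ARP for Ethernet/IPv4 (RFC 826): 28 bytes after the Ethernet header.
sub decode_arp {
    my ($data) = @_;
    my ($htype, $ptype, $hlen, $plen, $op, $sha, $spa, $tha, $tpa) =
        unpack('n n C C n a6 a4 a6 a4', $data);
    return {
        htype => $htype, ptype => $ptype, hlen => $hlen, plen => $plen,
        opcode => $op,                              # 1 = request, 2 = reply
        sha => mac_str($sha), spa => ip_str($spa),
        tha => mac_str($tha), tpa => ip_str($tpa),
    };
}

# IPv4 header (RFC 791): 20 fixed bytes plus options up to hlen*4.
sub decode_ipv4 {
    my ($data) = @_;
    my ($vhl, $tos, $len, $id, $flagfrag, $ttl, $proto, $cksum, $src, $dst) =
        unpack('C C n n n C C n a4 a4', $data);
    my $hlen = ($vhl & 0x0f) * 4;
    return {
        ver => $vhl >> 4, hlen => $hlen, tos => $tos, len => $len, id => $id,
        flags => $flagfrag >> 13, foffset => $flagfrag & 0x1fff,
        ttl => $ttl, proto => $proto, cksum => $cksum,
        src_ip => ip_str($src), dest_ip => ip_str($dst),
        # a header whose checksum field is correct sums to zero over itself
        cksum_ok => inet_checksum(substr($data, 0, $hlen)) == 0 ? 1 : 0,
        data => substr($data, $hlen),
    };
}

# Ethernet II: dst(6) src(6) type(2), then the payload.
sub decode_frame {
    my ($frame) = @_;
    my ($dst, $src, $type, $payload) = unpack('a6 a6 n a*', $frame);
    my %hdr = (dest_mac => mac_str($dst), src_mac => mac_str($src), type => $type);
    if    ($type == 0x0806) { $hdr{arp} = decode_arp($payload); }
    elsif ($type == 0x0800) { $hdr{ip}  = decode_ipv4($payload); }
    return \%hdr;
}

# --- constructed sample frames (not captured data) ---------------------------
# ARP request "who has 192.168.1.1, tell 192.168.1.10"; MACs are made up.
my $arp_frame = pack('H12 H12 n  n n C C n  H12 C4 H12 C4',
    'ffffffffffff', '001122334455', 0x0806,
    1, 0x0800, 6, 4, 1,
    '001122334455', 192, 168, 1, 10,
    '000000000000', 192, 168, 1, 1);

# IPv4 header with the exact field values of capture No.1 in section (2),
# including its checksum 4833; MACs and the ICMP echo after it are assumed.
my $ip_frame = pack('H12 H12 n  C C n n n C C n C4 C4',
    '001122334455', '00aabbccddee', 0x0800,
    0x45, 0, 60, 50223, 0, 128, 1, 4833,
    60, 6, 41, 89, 64, 233, 189, 104)
    . pack('C C n n n', 8, 0, 0, 0x0200, 1)      # ICMP echo, checksum not set
    . 'abcdefghijklmnopqrstuvwabcdefghi';        # 32-byte Windows ping payload

my $arp = decode_frame($arp_frame);
printf "ARP op=%d: %s (%s) asks who has %s\n",
    @{$arp->{arp}}{qw(opcode spa sha tpa)};

my $ip = decode_frame($ip_frame);
printf "IP %s -> %s proto=%d ttl=%d cksum=%d valid=%d\n",
    @{$ip->{ip}}{qw(src_ip dest_ip proto ttl cksum cksum_ok)};

# Change the TTL without recomputing the checksum, as a corrupted or
# carelessly forged header would: validation must now fail.
my $tampered = $ip_frame;
substr($tampered, 14 + 8, 1, chr(64));
printf "tampered ttl=%d valid=%d\n", @{decode_frame($tampered)->{ip}}{qw(ttl cksum_ok)};
```

The first frame prints the ARP request, the second prints the No.1 header with valid=1, and the tampered copy prints valid=0. A correct checksum only proves the header was not corrupted in transit; a spoofed packet built with a correct checksum passes this check, so it is an integrity test, not an authenticity test. The hash returned by decode_ipv4 uses the same key names as NetPacket::IP, so it can be fed to the script's display_ip_hdr unchanged.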
(0) C:\Perl\scripts\iSniffer>packetDump.pl -h
#Please set the width of CMD window to 100   # set the CMD window width to 100 so the tables line up
> C:\Perl\scripts\iSniffer\packetDump.pl [hvd:p:i:s:t:u:x:y:z:]
-h print this help
-v print more information   # also print the pcap capture info and the Ethernet header
-d choice device, [1,2,3...]   # number of the device to capture on
-p 1->icmp, 6->tcp   # which protocol to analyse, ICMP or TCP
-i icmp type   # with -p 1, restrict to this ICMP type
0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
17 Address Mask Request
18 Address Mask Reply
30 Traceroute
37 Domain Name Request
-s x.x.x.x, source ip   # source address
-t x.x.x.x, dest ip   # destination address
-u x.x.x.x, source/dest ip   # either source or destination address
-x source port   # source port
-y dest port   # destination port
-z source/dest port   # either source or destination port
v1.0, by shanleiguang@he.chinamobile.com
(1) C:\Perl\scripts\iSniffer>packetDump.pl
+-----------------------------------------------------------------------------------+
| Supported Devices |
+---+------+------------------------------------------------------------------------+
| 1 | dev | \Device\NPF_GenericNdisWanAdapter |
+---+------+------------------------------------------------------------------------+
| | desc | Generic NdisWan adapter |
+---+------+------------------------------------------------------------------------+
| 2 | dev | \Device\NPF_{6A06FB50-D0BC-4908-A502-90322DC74B78} |
+---+------+------------------------------------------------------------------------+
| | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) |
+---+------+------------------------------------------------------------------------+
| 3 | dev | \Device\NPF_{762D2D02-BA2C-46E1-9C54-396D8B79055F} |
+---+------+------------------------------------------------------------------------+
| | desc | WAN (PPP/SLIP) Interface |
+---+------+------------------------------------------------------------------------+
Which device u want to sniff? [1,2,3]   # pick the device to capture on; next time it can be given directly with -d
(2) C:\Perl\scripts\iSniffer>packetDump.pl -d 3 -p 1
2005/07/31 11:15:58, Sniffing on \Device\NPF_{762D2D02-BA2C-46E1-9C54-396D8B79055F}... ...
=No.1===========================================================================
+------------------------------------------------+
| IP Header |
+--------+------------+---------+----------------+
| ver | 4 | hlen | 5 |
+--------+------------+---------+----------------+
| tos | 0 | len | 60 |
+--------+------------+---------+----------------+
| flags | 0 | foffset | 0 |
+--------+------------+---------+----------------+
| id | 50223 | ttl | 128 |
+--------+------------+---------+----------------+
| src_ip | 60.6.41.89 | dest_ip | 64.233.189.104 |
+--------+------------+---------+----------------+
| proto | 1 | cksum | 4833 |
+--------+------------+---------+----------------+
+--------------------------------------------------------+
| ICMP Message |
+------+------+-------+----------------------------------+
| type | code | cksum | data |
+------+------+-------+----------------------------------+
| 8 | 0 | 17756 | abcdefghijklmnopqrstuvwabcdefghi |
+------+------+-------+----------------------------------+
=No.2===========================================================================
+------------------------------------------------+
| IP Header |
+--------+----------------+---------+------------+
| ver | 4 | hlen | 5 |
+--------+----------------+---------+------------+
| tos | 0 | len | 60 |
+--------+----------------+---------+------------+
| flags | 0 | foffset | 0 |
+--------+----------------+---------+------------+
| id | 50223 | ttl | 242 |
+--------+----------------+---------+------------+
| src_ip | 64.233.189.104 | dest_ip | 60.6.41.89 |
+--------+----------------+---------+------------+
| proto | 1 | cksum | 41184 |
+--------+----------------+---------+------------+
+--------------------------------------------------------+
| ICMP Message |
+------+------+-------+----------------------------------+
| type | code | cksum | data |
+------+------+-------+----------------------------------+
| 0 | 0 | 19804 | abcdefghijklmnopqrstuvwabcdefghi |
+------+------+-------+----------------------------------+
... ...
(3) C:\Perl\scripts\iSniffer>packetDump.pl -d 3 -p 6 -u xxx.xxx.xxx.xxx -z 23
7. Source code
#!C:\Perl\bin\perl.exe
#By shanleiguang@he.chinamobile.com, 2005/07
#ActiveState Perl 5.8.6, Winpcap 3.1 beta
#ppm install NetPacket
#ppm install http://www.bribes.org/perl/ppm/Net-Pcap.ppd
#ppm install http://www.bribes.org/perl/ppm/Net-PcapUtils.ppd
use strict;
use warnings;
use Net::Pcap;                  # findalldevs() is called directly below
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::ICMP;
use NetPacket::TCP;
use Getopt::Std;
use POSIX qw(strftime);

my %opts;
print_help() and exit unless getopts('hvd:p:i:s:t:u:x:y:z:', \%opts);

# Validate every option before it is used anywhere else: device numbers,
# protocol numbers, ICMP types and ports must be digits, addresses dotted quads.
my $ip_re = qr/^\d{1,3}(?:\.\d{1,3}){3}$/;
print_help() and exit if (defined $opts{'h'});
print_help() and exit if (defined $opts{'d'} and ($opts{'d'} !~ m/^\d+$/));
print_help() and exit if (defined $opts{'p'} and ($opts{'p'} !~ m/^\d+$/));
print_help() and exit if (defined $opts{'i'} and ($opts{'i'} !~ m/^\d+$/));
print_help() and exit if (defined $opts{'s'} and ($opts{'s'} !~ $ip_re));
print_help() and exit if (defined $opts{'t'} and ($opts{'t'} !~ $ip_re));
print_help() and exit if (defined $opts{'u'} and ($opts{'u'} !~ $ip_re));
print_help() and exit if (defined $opts{'x'} and ($opts{'x'} !~ m/^\d+$/));
print_help() and exit if (defined $opts{'y'} and ($opts{'y'} !~ m/^\d+$/));
print_help() and exit if (defined $opts{'z'} and ($opts{'z'} !~ m/^\d+$/));
$opts{'p'} = 6 if not defined($opts{'p'});      # default to TCP

my $choice;
my %devices = get_supported_devices();
if (defined $opts{'d'}) {
    $choice = $opts{'d'};
} else {
    print_supported_devices();
    print "\nWhich device u want to sniff? [", join(',', sort { $a <=> $b } keys %devices), '] ';
    $choice = <STDIN>;
    chomp($choice);
}
die "Invalid Device!\n" if not defined($devices{$choice});

# The capture filter only keeps IP traffic; the address/port/type matching
# is done in Perl on the decoded headers inside the loop below.
my $pkt_descriptor = Net::PcapUtils::open(
    FILTER  => 'ip',
    SNAPLEN => 1500,
    PROMISC => 1,
    DEV     => $devices{$choice}{'dev'},
);
# Net::PcapUtils::open returns an error string instead of a descriptor on failure.
die "Net::PcapUtils::open returned: $pkt_descriptor\n" if (!ref($pkt_descriptor));

print strftime("%Y/%m/%d %H:%M:%S, ", localtime);
print "Sniffing on $devices{$choice}{'dev'}... ...\n";

my ($next_packet, %next_header);
my $packet_counter = 0;
while (($next_packet, %next_header) = Net::PcapUtils::next($pkt_descriptor)) {
    my ($ip_obj, $tcp_obj, $icmp_obj);
    # Strip the Ethernet header, then decode the IP header on top of it.
    $ip_obj = NetPacket::IP->decode(NetPacket::Ethernet::eth_strip($next_packet));
    next if (defined $opts{'s'} and ($ip_obj->{'src_ip'}  ne $opts{'s'}));
    next if (defined $opts{'t'} and ($ip_obj->{'dest_ip'} ne $opts{'t'}));
    next if (defined $opts{'u'} and ($ip_obj->{'src_ip'}  ne $opts{'u'})
                                and ($ip_obj->{'dest_ip'} ne $opts{'u'}));
    next if ($ip_obj->{'proto'} != $opts{'p'});
    if ($ip_obj->{'proto'} == 1) {
        $icmp_obj = NetPacket::ICMP->decode($ip_obj->{'data'});
        next if (defined $opts{'i'} and ($icmp_obj->{'type'} != $opts{'i'}));
    }
    if ($ip_obj->{'proto'} == 6) {
        $tcp_obj = NetPacket::TCP->decode($ip_obj->{'data'});
        next if (defined $opts{'x'} and ($tcp_obj->{'src_port'}  != $opts{'x'}));
        next if (defined $opts{'y'} and ($tcp_obj->{'dest_port'} != $opts{'y'}));
        next if (defined $opts{'z'} and ($tcp_obj->{'src_port'}  != $opts{'z'})
                                    and ($tcp_obj->{'dest_port'} != $opts{'z'}));
    }
    $packet_counter++;
    print "=No.$packet_counter=", '=' x (80 - length("=No.$packet_counter=")), "\n";
    if ($opts{'v'}) {
        print display_capinfo(\%next_header);
        print display_frame_hdr(NetPacket::Ethernet->decode($next_packet));
    }
    print display_ip_hdr($ip_obj);
    print display_icmp_msg($icmp_obj) if ($ip_obj->{'proto'} == 1);
    print display_tcp_hdr($tcp_obj)   if ($ip_obj->{'proto'} == 6);
}

sub print_help {
    print <<HELP
#Please set the width of CMD window to 100
> $0 [hvd:p:i:s:t:u:x:y:z:]
-h print this help
-v print more information
-d choice device, [1,2,3...]
-p 1->icmp, 6->tcp
-i icmp type
0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
17 Address Mask Request
18 Address Mask Reply
30 Traceroute
37 Domain Name Request
-s x.x.x.x, source ip
-t x.x.x.x, dest ip
-u x.x.x.x, source/dest ip
-x source port
-y dest port
-z source/dest port
v1.0, by shanleiguang\@he.chinamobile.com
HELP
}

# Enumerate the WinPcap devices as { index => { dev => name, desc => text } }.
sub get_supported_devices {
    my ($error, %description, %devices);
    my $index = 0;
    # old-style findalldevs(\$err, \%desc) call of the Net::Pcap of that time
    my @devs = Net::Pcap::findalldevs(\$error, \%description);
    die "Net::Pcap::findalldevs Error: $error\n" if defined $error;
    foreach (@devs) {
        $index++;
        $devices{$index}{'dev'}  = $_;
        $devices{$index}{'desc'} = defined $description{$_} ? $description{$_} : '';
    }
    return %devices;
}

# Print the device list as a three-column table: index, field name, value.
sub print_supported_devices {
    my %devices = get_supported_devices();
    my (@indexes, @fields, @values);
    foreach my $index (sort { $a <=> $b } keys %devices) {
        push @indexes, ($index, ' ');
        push @fields,  ('dev', 'desc');
        push @values,  ($devices{$index}{'dev'}, $devices{$index}{'desc'});
    }
    print "\n", pretty_table('Supported Devices', (\@indexes, \@fields, \@values));
}

# pcap header of the current packet: timestamp and captured/wire lengths.
sub display_capinfo {
    my $capinfo = shift;
    my @capinfo;
    push @capinfo, [$_, $capinfo->{$_}] foreach (qw(tv_sec tv_usec len caplen));
    return pretty_table('Pcap Info', @capinfo);
}

sub display_frame_hdr {
    my $frame_obj = shift;
    my @eth_frame;
    push @eth_frame, [$_, $frame_obj->{$_}] foreach (qw(src_mac dest_mac type));
    return pretty_table('Ethernet Frame Header', @eth_frame);
}

# IP header as four columns: left names, left values, right names, right values.
sub display_ip_hdr {
    my $ip_obj = shift;
    my @left  = qw(ver tos flags id src_ip proto);
    my @right = qw(hlen len foffset ttl dest_ip cksum);
    return pretty_table('IP Header',
        [@left],  [map { $ip_obj->{$_} } @left],
        [@right], [map { $ip_obj->{$_} } @right]);
}

sub display_icmp_msg {
    my $icmp_obj = shift;
    my @icmp_msg;
    # keep only printable word characters of the payload so the table stays one line
    $icmp_obj->{'data'} =~ s/\W//g;
    push @icmp_msg, [$_, $icmp_obj->{$_}] foreach (qw(type code cksum data));
    return pretty_table('ICMP Message', @icmp_msg);
}

sub display_tcp_hdr {
    my $tcp_obj = shift;
    my @left  = qw(src_port seqnum hlen flags);
    my @right = qw(dest_port acknum reserved winsize);
    return pretty_table('TCP Header',
        [@left],  [map { $tcp_obj->{$_} } @left],
        [@right], [map { $tcp_obj->{$_} } @right]);
    #my $data = unpack 'a*', $tcp_obj->{'data'};
    #print "$data\n";
}

# Not used by the main loop (UDP is never selected), kept for extension.
sub display_udp_hdr {
    my $udp_obj = shift;
    my @udp_hdr;
    push @udp_hdr, [$_, $udp_obj->{$_}] foreach (qw(src_port dest_port cksum));
    return pretty_table('UDP Header', @udp_hdr);
}

sub pretty_table {
    # pretty_table($title, @columns); each element of @columns is an arrayref
    # holding one column's cells from top to bottom.
    my ($title, @data) = @_;
    my @temp;                   # transposed layout: one arrayref per row
    my @maxLength;              # width of each column, incl. padding
    my $rowLength = 0;
    my $indent = 4;
    my $theTable;
    foreach my $col (0..$#{$data[0]}) {
        push @{$temp[$col]}, $_->[$col] foreach (@data);
    }
    $maxLength[$_] = length((sort { length($b) <=> length($a) } @{$data[$_]})[0]) + 2
        foreach (0..$#data);
    $rowLength += $maxLength[$_] foreach (0..$#{$temp[0]});
    $rowLength += $#data;       # one '|' separator between neighbouring columns
    $theTable  = ' ' x $indent . '+' . '-' x $rowLength . "+\n";
    $theTable .= ' ' x $indent . '| ' . $title . ' ' x ($rowLength - length($title) - 1) . "|\n";
    foreach my $row (0..$#temp) {
        $theTable .= ' ' x $indent;
        $theTable .= '+' . '-' x $maxLength[$_] foreach (0..$#{$temp[0]});
        $theTable .= "+\n";
        $theTable .= ' ' x $indent;
        $theTable .= '| ' . $temp[$row][$_] . ' ' x ($maxLength[$_] - length($temp[$row][$_]) - 1)
            foreach (0..$#{$temp[0]});
        $theTable .= "|\n";
    }
    $theTable .= ' ' x $indent;
    $theTable .= '+' . '-' x $maxLength[$_] foreach (0..$#{$temp[0]});
    $theTable .= "+\n";
    return $theTable;
}
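packetDump.pl opens the device with FILTER => 'ip' and then compares addresses, ports and ICMP types in Perl, so every IP packet on the wire is copied to user space before most of it is thrown away. The added example below (not part of the original script) turns the same -p/-i/-s/-t/-u/-x/-y/-z options into a pcap-filter expression that can be passed as FILTER so the driver drops non-matching packets first. The values are re-checked with the same shape rules the script uses before they are spliced into the filter string. The option sets at the bottom are constructed; the first mirrors usage example (3) with a placeholder host, since the article elides the real address. The optional syntax check uses Net::Pcap::open_dead and Net::Pcap::compile and is skipped if Net::Pcap is not installed.

```perl
#!/usr/bin/perl
# Added example, not part of packetDump.pl: build a pcap-filter (BPF)
# expression from the script's own options so the driver discards
# non-matching packets before they reach Perl. packetDump.pl captures with
# FILTER => 'ip' and does all address/port matching in its while loop.
use strict;
use warnings;

sub build_bpf {
    my %o = @_;
    # Same shape checks the script applies at start-up: nothing that fails
    # them is ever spliced into the filter string.
    my $ip_re  = qr/^\d{1,3}(?:\.\d{1,3}){3}$/;
    my $num_re = qr/^\d+$/;
    for my $k (qw(s t u))     { return undef if defined $o{$k} && $o{$k} !~ $ip_re; }
    for my $k (qw(p i x y z)) { return undef if defined $o{$k} && $o{$k} !~ $num_re; }

    my $proto = defined $o{p} ? $o{p} : 6;           # script default: TCP
    my @terms = $proto == 1 ? ('icmp')
              : $proto == 6 ? ('tcp')
              :               ("ip proto $proto");
    push @terms, "src host $o{s}" if defined $o{s};   # -s
    push @terms, "dst host $o{t}" if defined $o{t};   # -t
    push @terms, "host $o{u}"     if defined $o{u};   # -u: either direction
    if ($proto == 1) {
        push @terms, "icmp[icmptype] = $o{i}" if defined $o{i};   # -i
    } elsif ($proto == 6) {
        push @terms, "src port $o{x}" if defined $o{x};           # -x
        push @terms, "dst port $o{y}" if defined $o{y};           # -y
        push @terms, "port $o{z}"     if defined $o{z};           # -z
    }
    return join ' and ', @terms;
}

# Optional syntax check: if Net::Pcap is installed, compile the expression
# against a "dead" Ethernet handle (no device needed). Returns 1 if it
# compiles, 0 if not, undef if Net::Pcap (or open_dead) is unavailable.
sub bpf_compiles {
    my ($expr) = @_;
    my $rc = eval {
        require Net::Pcap;
        my $pcap = Net::Pcap::open_dead(1, 1500);      # 1 = DLT_EN10MB
        my $filter;
        my $r = Net::Pcap::compile($pcap, \$filter, $expr, 1, 0);
        Net::Pcap::freecode($filter) if $r == 0;
        Net::Pcap::close($pcap);
        $r == 0 ? 1 : 0;
    };
    return $rc;    # undef when the eval died (module or function missing)
}

# Constructed option sets: the first mirrors usage example (3) above with a
# placeholder host (the article elides the real one); the last is rejected.
for my $case ([p => 6, u => '192.0.2.10', z => 23],
              [p => 1, i => 8, s => '60.6.41.89'],
              [x => '23; rm -rf']) {
    my %o    = @$case;
    my $expr = build_bpf(%o);
    my $opts = join ' ', map { "-$_ $o{$_}" } sort keys %o;
    if (!defined $expr) { printf "%-32s => rejected\n", $opts; next; }
    my $ok = bpf_compiles($expr);
    printf "%-32s => %s%s\n", $opts, $expr,
        defined $ok ? ($ok ? ' [compiles]' : ' [SYNTAX ERROR]') : '';
}
```

The first case yields "tcp and host 192.0.2.10 and port 23", the second "icmp and src host 60.6.41.89 and icmp[icmptype] = 8", and the third is rejected. To use it in the script, pass build_bpf(%opts) as FILTER to Net::PcapUtils::open and keep the Perl-side comparisons in the loop as a second check. Two caveats: a port test in BPF only sees the first fragment of a fragmented datagram, so the user-space check still matters for reassembly-aware matching; and with -p set to a protocol other than 1 or 6 the port and type options are ignored, which matches what packetDump.pl itself does.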