Created
May 4, 2018 12:09
Windows-based packet monitoring script sample done in Python
from socket import * | |
# Networks of interest, in CIDR notation.
# NOTE(review): nothing else in this file reads this list, so main() prints
# every packet it receives regardless of these ranges. 172.16.0.0/12, the
# third RFC 1918 private block, is not listed -- confirm that is intentional.
MONITOR_NETWORKS = [
    '192.168.0.0/16',   # RFC 1918 private range
    '10.0.0.0/8',       # RFC 1918 private range
    '169.254.0.0/16',   # IPv4 link-local range
]
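# Convert a dotted-quad IPv4 string into its 32-bit integer value.
# NOTE: this definition shadows socket.inet_aton, which "from socket import *"
# brings into scope; unlike that function it returns an int, not packed bytes.
def inet_aton(addr_str):
    """Return the integer form of the dotted-quad address *addr_str*.

    The first octet ends up in the most significant byte, so
    '192.168.0.1' becomes 0xC0A80001.

    Raises ValueError when the string is not four decimal octets in the
    range 0-255; a malformed address would otherwise produce an integer
    that silently matches the wrong network in is_inrange().
    """
    # A list (not a bare map object) so this also runs on Python 3, where
    # map() returns an iterator that has no reverse()/pop().
    octets = [int(part) for part in addr_str.split('.')]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("invalid IPv4 address: %r" % (addr_str,))

    addr = 0
    for octet in octets:
        addr = (addr << 8) | octet
    return addr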
# Build a 32-bit netmask with the top `length` bits set
# (e.g. 16 -> 0xffff0000).
# The prefix length is not validated: any value above 32 yields 0xffffffff,
# and a negative value makes the shift raise ValueError.
def make_netmask(length):
    all_ones = 0xffffffff
    host_bits = all_ones >> length
    return all_ones & ~host_bits
# Convert an "IPv4/length" string into an (addr, netmask) int tuple.
# The second element is the expanded bitmask from make_netmask(), not the
# prefix length itself; this is the tuple shape is_inrange() unpacks.
# A string that does not contain exactly one '/' raises ValueError.
def get_range(network):
    addr_str, bits = network.split('/')
    net_addr = inet_aton(addr_str)
    netmask = make_netmask(int(bits))
    return (net_addr, netmask)
# Tell whether the integer address `addr` falls inside `range`, an
# (addr, netmask) tuple as produced by get_range().
# Two addresses share a network exactly when they agree on every bit the
# mask selects, i.e. when their XOR has no bit set under the mask.
def is_inrange(range, addr):
    net_addr, bitmask = range
    differing_bits = (net_addr ^ addr) & bitmask
    return differing_bits == 0
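# Capture and print every IP packet seen on the interface bound to argv[1].
def main(argv):
    """Run the packet monitor on the local address given in argv[1].

    Returns -1 after printing a usage line when no address was supplied,
    and 0 when the capture loop is stopped with Ctrl-C. Otherwise it loops
    until the socket raises.

    Windows only: SIO_RCVALL / RCVALL_ON are Windows socket controls.
    Opening a raw socket and enabling receive-all normally needs an
    elevated (Administrator) process.
    """
    if len(argv) < 2:
        print("Syntax: %s <ipaddr>" % argv[0])
        return -1

    ipaddr = argv[1]
    s = socket(AF_INET, SOCK_RAW, IPPROTO_IP)
    try:
        # Receive-all is tied to the interface that owns this address.
        s.bind((ipaddr, 0))
        s.ioctl(SIO_RCVALL, RCVALL_ON)
        try:
            s.setsockopt(IPPROTO_IP, IP_HDRINCL, 1)

            print(" * Monitoring on device %s..." % ipaddr)
            print()

            while True:
                (packet, src) = s.recvfrom(65535)
                # The raw packet bytes are printed as-is. Captured traffic
                # can carry credentials or other sensitive payloads, so
                # treat this output (and any file it is redirected to)
                # accordingly. MONITOR_NETWORKS is not consulted here.
                print("%15s: %s" % (src[0], packet))
        except KeyboardInterrupt:
            # Ctrl-C is the only way out of the loop; exit without a traceback.
            return 0
        finally:
            # Do not leave the interface in receive-all mode after exiting.
            s.ioctl(SIO_RCVALL, RCVALL_OFF)
    finally:
        s.close()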
# Script entry point: hand the command line to main() and use its return
# value as the process exit status.
if __name__ == '__main__':
    import sys
    sys.exit(main(sys.argv))